← Back to branch summary

~ubuntu-branches/ubuntu/precise/mesa/precise-security

« back to all changes in this revision

Viewing changes to src/mesa/swrast/s_blit.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers, Steve Beattie
  • Date: 2012-10-19 09:04:04 UTC
  • mfrom: (163.1.4 precise-proposed)
  • Revision ID: package-import@ubuntu.com-20121019090404-5zbjpsp6knv7zl3b
Tags: 8.0.4-0ubuntu0.2
https://launchpad.net/bugs/1046933
[ Steve Beattie ]
* SECURITY UPDATE: samplers array overflow (LP: #1046933)
  - debian/patches/50-CVE-2012-2864.patch: ensure that more than
    MAX_SAMPLERS are not used
  - CVE-2012-2864

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/mesa/swrast/s_blit.c
566
566
                                  GL_MAP_READ_BIT | GL_MAP_WRITE_BIT,
567
567
                                  &srcMap, &srcRowStride);
568
568
      if (!srcMap) {
 
569
         free(srcBuffer0);
 
570
         free(srcBuffer1);
 
571
         free(dstBuffer);
569
572
         _mesa_error(ctx, GL_OUT_OF_MEMORY, "glBlitFramebuffer");
570
573
         return;
571
574
      }
582
585
                                  0, 0, readRb->Width, readRb->Height,
583
586
                                  GL_MAP_READ_BIT, &srcMap, &srcRowStride);
584
587
      if (!srcMap) {
 
588
         free(srcBuffer0);
 
589
         free(srcBuffer1);
 
590
         free(dstBuffer);
585
591
         _mesa_error(ctx, GL_OUT_OF_MEMORY, "glBlitFramebuffer");
586
592
         return;
587
593
      }
590
596
                                  GL_MAP_WRITE_BIT, &dstMap, &dstRowStride);
591
597
      if (!dstMap) {
592
598
         ctx->Driver.UnmapRenderbuffer(ctx, readRb);
 
599
         free(srcBuffer0);
 
600
         free(srcBuffer1);
 
601
         free(dstBuffer);
593
602
         _mesa_error(ctx, GL_OUT_OF_MEMORY, "glBlitFramebuffer");
594
603
         return;
595
604
      }