aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2020-03-02 14:32:59 +0800
committerAnuj Mittal <anuj.mittal@intel.com>2020-03-04 10:54:01 +0800
commitfb0b056cba2b3b6e92427996f098333bf09f0ee9 (patch)
tree8b4c6086957d079c57f7586093722bd8d4e3720e /meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
parent46fd0c6a8d98adb62bf1116bba26c83950d59813 (diff)
downloadopenembedded-core-contrib-anujm/zeus2.tar.gz
virglrenderer: fix multiple CVEsanujm/zeus2
fix these CVE: CVE-2019-18390 CVE-2019-18391 CVE-2020-8002 Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch')
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch66
1 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
new file mode 100644
index 0000000000..ad61c95be3
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
@@ -0,0 +1,66 @@
+From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Mon, 7 Oct 2019 10:59:56 +0200
+Subject: [PATCH] vrend: check info formats in blits
+
+Closes #141
+Closes #142
+
+v2 : drop colon in error description (Emil)
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9]
+CVE: CVE-2019-18390
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ src/virgl_hw.h | 1 +
+ src/vrend_renderer.c | 11 +++++++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/virgl_hw.h b/src/virgl_hw.h
+index 145780bf..5ccf3073 100644
+--- a/src/virgl_hw.h
++++ b/src/virgl_hw.h
+@@ -426,6 +426,7 @@ enum virgl_ctx_errors {
+ VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER,
+ VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS,
+ VIRGL_ERROR_GL_ANY_SAMPLES_PASSED,
++ VIRGL_ERROR_CTX_ILLEGAL_FORMAT,
+ };
+
+ #define VIRGL_RESOURCE_Y_0_TOP (1 << 0)
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index 14fefb38..aa6a89c1 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -758,6 +758,7 @@ static const char *vrend_ctx_error_strings[] = {
+ [VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER] = "Illegal command buffer",
+ [VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS] = "On GLES context and shader program has tesselation evaluation shader but no tesselation control shader",
+ [VIRGL_ERROR_GL_ANY_SAMPLES_PASSED] = "Query for ANY_SAMPLES_PASSED not supported",
++ [VIRGL_ERROR_CTX_ILLEGAL_FORMAT] = "Illegal format ID",
+ };
+
+ static void __report_context_error(const char *fname, struct vrend_context *ctx,
+@@ -8492,6 +8493,16 @@ void vrend_renderer_blit(struct vrend_context *ctx,
+ if (ctx->in_error)
+ return;
+
++ if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) {
++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format);
++ return;
++ }
++
++ if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) {
++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format);
++ return;
++ }
++
+ if (info->render_condition_enable == false)
+ vrend_pause_render_condition(ctx, true);
+
+--
+2.24.1
+