git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Joe Slater <joe.slater@windriver.com>
	Wed, 16 Feb 2022 23:12:04 +0000 (15:12 -0800)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Fri, 25 Feb 2022 03:03:50 +0000 (11:03 +0800)
commit	225f8b28ff0b3357382f517f39eb315b4bac9138
tree	9da630ec8feb4e95cc11606842bc7410318f850b	tree \| snapshot
parent	29cd1d796057ef5599fe17c39b42aa099f7b1c29	commit \| diff

virglrenderer: fix CVE-2022-0135 and -0175

CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data().
CVE-2022-0175 concerns using malloc() instead of calloc().

We cherry-pick from master.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f7511df79c5c1f93add9f2827a5a266453614e)

Modify -0175 patch to apply to hardknott branch.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb		diff \| blob \| blame \| history