From 7c3f71cea83c3471dfd862ace8f4ea42f9ed4561 Mon Sep 17 00:00:00 2001 From: khorben Date: Mon, 20 Apr 2015 13:38:59 +0000 Subject: Add patch from xsrc to avoid random stack access CID 1107540: Make the code safe avoiding random stack access. In the first loop where there is a singleton point to pptSrc, only access that singleton, no matter what. Bump PKGREVISION as well. Originally from Christos Zoulas: http://mail-index.netbsd.org/source-changes/2013/11/14/msg049188.html Reported upstream by Patrick Welche: http://lists.freedesktop.org/archives/intel-gfx/2015-January/059018.html --- x11/xf86-video-intel/Makefile | 4 +-- x11/xf86-video-intel/distinfo | 3 +- .../patches/patch-src_legacy_i810_i810__dri.c | 33 ++++++++++++++++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 x11/xf86-video-intel/patches/patch-src_legacy_i810_i810__dri.c diff --git a/x11/xf86-video-intel/Makefile b/x11/xf86-video-intel/Makefile index 9c47deea475..4ad7dd61711 100644 --- a/x11/xf86-video-intel/Makefile +++ b/x11/xf86-video-intel/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.33 2015/04/03 09:59:57 tnn Exp $ +# $NetBSD: Makefile,v 1.34 2015/04/20 13:38:59 khorben Exp $ DISTNAME= xf86-video-intel-2.99.917 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= x11 MASTER_SITES= ${MASTER_SITE_XORG:=driver/} EXTRACT_SUFX= .tar.bz2 diff --git a/x11/xf86-video-intel/distinfo b/x11/xf86-video-intel/distinfo index d253820a60a..2f64e752b6f 100644 --- a/x11/xf86-video-intel/distinfo +++ b/x11/xf86-video-intel/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.23 2015/03/03 01:02:05 khorben Exp $ +$NetBSD: distinfo,v 1.24 2015/04/20 13:38:59 khorben Exp $ SHA1 (xf86-video-intel-2.99.917.tar.bz2) = 9af9ded7a29026c211e5eb50a547e3e33976301d RMD160 (xf86-video-intel-2.99.917.tar.bz2) = dd443e9e87286bbc454f4231a7a5d7c9bb2488a1 Size (xf86-video-intel-2.99.917.tar.bz2) = 2259040 bytes SHA1 (patch-src_backlight.c) = 32e181a91a1947387d7221284f44f05d9ce433c7 +SHA1 (patch-src_legacy_i810_i810__dri.c) = fb963b994d51c9db48457106048226214a2d986c SHA1 (patch-src_sna_sna__dri2.c) = 4bcc7e5c502a340954073386dad88fd6cebcc7b1 diff --git a/x11/xf86-video-intel/patches/patch-src_legacy_i810_i810__dri.c b/x11/xf86-video-intel/patches/patch-src_legacy_i810_i810__dri.c new file mode 100644 index 00000000000..6c8e6e05546 --- /dev/null +++ b/x11/xf86-video-intel/patches/patch-src_legacy_i810_i810__dri.c @@ -0,0 +1,33 @@ +$NetBSD: patch-src_legacy_i810_i810__dri.c,v 1.1 2015/04/20 13:39:00 khorben Exp $ + +CID 1107540: Make the code safe avoiding random stack access. In +the first loop where there is a singleton point to pptSrc, only +access that singleton, no matter what. + +November 2013 patch from NetBSD xsrc: +http://mail-index.netbsd.org/source-changes/2013/11/14/msg049188.html + +--- src/legacy/i810/i810_dri.c.orig 2014-08-29 09:33:11.000000000 +0000 ++++ src/legacy/i810/i810_dri.c +@@ -1104,10 +1104,17 @@ I810DRIMoveBuffers(WindowPtr pParent, DD + while ((pboxNext >= pbox) && (pboxBase->y1 == pboxNext->y1)) + pboxNext--; + pboxTmp = pboxNext + 1; +- pptTmp = pptSrc + (pboxTmp - pbox); +- while (pboxTmp <= pboxBase) { +- *pboxNew1++ = *pboxTmp++; +- *pptNew1++ = *pptTmp++; ++ if (pptSrc == &ptOldOrg) { ++ if (pboxTmp <= pboxBase) { ++ *pboxNew1++ = *pboxTmp; ++ *pptNew1++ = *pptSrc; ++ } ++ } else { ++ pptTmp = pptSrc + (pboxTmp - pbox); ++ while (pboxTmp <= pboxBase) { ++ *pboxNew1++ = *pboxTmp++; ++ *pptNew1++ = *pptTmp++; ++ } + } + pboxBase = pboxNext; + } -- cgit v1.2.3