mesa: Changes to 'debian-unstable'

Thu, 23 Aug 2012 16:48:14 -0700 

 debian/changelog           |    6 ++++--
 src/glsl/link_uniforms.cpp |    2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

New commits:
commit 632d0f30df00102d2f046e7a481009a23eb0b012
Author: Julien Cristau <[email protected]>
Date:   Fri Aug 24 00:09:49 2012 +0200

    Upload to unstable

diff --git a/debian/changelog b/debian/changelog
index e2b6c5d..06a4b49 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
-mesa (8.0.4-2) UNRELEASED; urgency=low
+mesa (8.0.4-2) unstable; urgency=high
 
   * Use xz for all binary packages not just *-dbg.
+  * glsl/linker: Avoid buffer over-run in
+    parcel_out_uniform_storage::visit_field (CVE-2012-2864; closes: #685667).
 
- -- Julien Cristau <[email protected]>  Fri, 03 Aug 2012 23:17:16 +0200
+ -- Julien Cristau <[email protected]>  Fri, 24 Aug 2012 00:09:47 +0200
 
 mesa (8.0.4-1) unstable; urgency=low
 

commit 368dddd0e350dcb7d954e8cb04ebcc0a5e9b658b
Author: Stéphane Marchesin <[email protected]>
Date:   Tue Aug 14 17:15:54 2012 -0700

    glsl/linker: Avoid buffer over-run in 
parcel_out_uniform_storage::visit_field
    
    When too may uniforms are used, the error will be caught in
    check_resources (src/glsl/linker.cpp).
    
    NOTE: This is a candidate for the 8.0 branch.
    
    Signed-off-by: Stéphane Marchesin <[email protected]>
    Reviewed-by: Ian Romanick <[email protected]>
    Tested-by: Benoit Jacob <[email protected]>
    (cherry picked from commit ff996cafce511dd8a6c4e066e409c23e147a670c)

diff --git a/src/glsl/link_uniforms.cpp b/src/glsl/link_uniforms.cpp
index 588008a..e14172c 100644
--- a/src/glsl/link_uniforms.cpp
+++ b/src/glsl/link_uniforms.cpp
@@ -275,7 +275,7 @@ private:
         const gl_texture_index target = base_type->sampler_index();
         const unsigned shadow = base_type->sampler_shadow;
         for (unsigned i = this->uniforms[id].sampler
-                ; i < this->next_sampler
+                ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
                 ; i++) {
            this->targets[i] = target;
            this->shader_samplers_used |= 1U << i;


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]

Reply via email to