On 03/12/2015 04:34 PM, Mario Kleiner wrote:
glXGetProcAddress("glFoo") ends up in stub_add_dynamic() to create dynamic stubs for dynamic functions. stub_add_dynamic() doesn't store the caller provided name string "Foo" in a mesa private copy, but just stores a pointer to the "glFoo" string passed to glXGetProcAddress - a pointer into arbitrary memory outside mesa's control.If the caller passes some dynamically allocated/changing memory buffer to glXGetProcAddress(), or the caller gets unmapped from memory, e.g., some dynamically loaded application plugin which uses OpenGL, this ends badly - with a dangling pointer. strdup() the name string provided by the client to avoid this problem. Cc: "10.3 10.4 10.5" <[email protected]> Signed-off-by: Mario Kleiner <[email protected]> --- src/mapi/stub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mapi/stub.c b/src/mapi/stub.c index dfadbe1..45ccc6a 100644 --- a/src/mapi/stub.c +++ b/src/mapi/stub.c @@ -110,7 +110,7 @@ stub_add_dynamic(const char *name) if (!stub->addr) return NULL; - stub->name = (const void *) name; + stub->name = (const void *) strdup(name); /* to be fixed later */ stub->slot = -1;
LGTM. Reviewed-by: Brian Paul <[email protected]> _______________________________________________ mesa-dev mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/mesa-dev
