Hello community, here is the log from the commit of package wayland for openSUSE:Factory checked in at 2016-11-08 18:25:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wayland (Old) and /work/SRC/openSUSE:Factory/.wayland.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wayland" Changes: -------- --- /work/SRC/openSUSE:Factory/wayland/wayland.changes 2016-09-30 15:25:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.wayland.new/wayland.changes 2016-11-08 18:25:34.000000000 +0100 @@ -1,0 +2,7 @@ +Sat Nov 5 21:51:01 UTC 2016 - [email protected] + +- Add + wayland-wl_array_Set_data_to_invalid_address_after_free.patch: + Crash fix patch from upstream git. + +------------------------------------------------------------------- New: ---- wayland-wl_array_Set_data_to_invalid_address_after_free.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wayland.spec ++++++ --- /var/tmp/diff_new_pack.BCZcnd/_old 2016-11-08 18:25:35.000000000 +0100 +++ /var/tmp/diff_new_pack.BCZcnd/_new 2016-11-08 18:25:35.000000000 +0100 @@ -31,6 +31,8 @@ Source2: http://wayland.freedesktop.org/releases/%name-%version.tar.xz.sig Source3: %name.keyring Source4: baselibs.conf +# PATCH-FIX-UPSTREAM wayland-wl_array_Set_data_to_invalid_address_after_free.patch [email protected] -- Fix a crash after free. +Patch0: wayland-wl_array_Set_data_to_invalid_address_after_free.patch #git#BuildRequires: autoconf >= 2.64 #git#BuildRequires: automake >= 1.11 #git#BuildRequires: libtool >= 2.2 @@ -120,6 +122,7 @@ %prep %setup -q +%patch0 -p1 %build if [ ! -e configure ]; then ++++++ wayland-wl_array_Set_data_to_invalid_address_after_free.patch ++++++ m e8ad23266f36521215dcd7cfcc524e0ef67d66dd Mon Sep 17 00:00:00 2001 From: Yong Bakos <[email protected]> Date: Tue, 27 Sep 2016 13:03:48 -0500 Subject: wl_array: Set data to invalid address after free Explicitly set the data member to an invalid memory address during wl_array_release, such that re-using a freed wl_array without re-initializing causes a crash. In addition, this pointer assignment makes wl_array_release testable. Define a constant for the invalid memory address, and add documentation about this behavior, starting at libwayland version 1.13. See https://lists.freedesktop.org/archives/wayland-devel/2016-September/031116.html Signed-off-by: Yong Bakos <[email protected]> Reviewed-by: Eric Engestrom <[email protected]> [Pekka: remove the doc about crashing] Signed-off-by: Pekka Paalanen <[email protected]> diff --git a/src/wayland-private.h b/src/wayland-private.h index ac712d9..ef58ccf 100644 --- a/src/wayland-private.h +++ b/src/wayland-private.h @@ -36,6 +36,9 @@ #include "wayland-util.h" +/* Invalid memory address */ +#define WL_ARRAY_POISON_PTR (void *) 4 + #define ARRAY_LENGTH(a) (sizeof (a) / sizeof (a)[0]) #define container_of(ptr, type, member) ({ \ diff --git a/src/wayland-util.c b/src/wayland-util.c index 639ccf8..077fec7 100644 --- a/src/wayland-util.c +++ b/src/wayland-util.c @@ -102,6 +102,7 @@ WL_EXPORT void wl_array_release(struct wl_array *array) { free(array->data); + array->data = WL_ARRAY_POISON_PTR; } WL_EXPORT void * -- cgit v0.10.2
