Summary: | __indirect_glReadPixels USE_XCB path buffer overflow | ||
---|---|---|---|
Product: | Mesa | Reporter: | Julien Cristau <jcristau> |
Component: | GLX | Assignee: | mesa-dev |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | normal | ||
Priority: | medium | Keywords: | patch |
Version: | 8.0 | ||
Hardware: | Other | ||
OS: | All | ||
Whiteboard: | |||
i915 platform: | i915 features: |
Description
Julien Cristau
2012-07-13 15:52:15 UTC
as a PoC, the patch below seems to fix the crashes and valgrind complaints I'd been seeing. A real fix would involve glX_proto_send.py. diff --git a/src/glx/indirect.c b/src/glx/indirect.c index a6b0c0d..ea0ccf2 100644 --- a/src/glx/indirect.c +++ b/src/glx/indirect.c @@ -3756,9 +3756,7 @@ __indirect_glReadPixels(GLint x, GLint y, GLsizei width, GLsizei height, state->storePack. swapEndian, 0), NULL); - (void) memcpy(pixels, xcb_glx_read_pixels_data(reply), - xcb_glx_read_pixels_data_length(reply) * - sizeof(GLvoid)); + __glEmptyImage(gc, 3, width, height, 1, format, type, xcb_glx_read_pixels_data(reply), pixels); free(reply); #else GLubyte const *pc = fixed in master, commit ac889b24109ba0aec4f8c7f103d3c23e78c11a29 |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.