mesa: Changes to 'debian-unstable'
debian/changelog | 6 ++++--
src/glsl/link_uniforms.cpp | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
New commits:
commit 632d0f30df00102d2f046e7a481009a23eb0b012
Author: Julien Cristau <jcristau@debian.org>
Date: Fri Aug 24 00:09:49 2012 +0200
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index e2b6c5d..06a4b49 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
-mesa (8.0.4-2) UNRELEASED; urgency=low
+mesa (8.0.4-2) unstable; urgency=high
* Use xz for all binary packages not just *-dbg.
+ * glsl/linker: Avoid buffer over-run in
+ parcel_out_uniform_storage::visit_field (CVE-2012-2864; closes: #685667).
- -- Julien Cristau <jcristau@debian.org> Fri, 03 Aug 2012 23:17:16 +0200
+ -- Julien Cristau <jcristau@debian.org> Fri, 24 Aug 2012 00:09:47 +0200
mesa (8.0.4-1) unstable; urgency=low
commit 368dddd0e350dcb7d954e8cb04ebcc0a5e9b658b
Author: Stéphane Marchesin <marcheu@chromium.org>
Date: Tue Aug 14 17:15:54 2012 -0700
glsl/linker: Avoid buffer over-run in parcel_out_uniform_storage::visit_field
When too may uniforms are used, the error will be caught in
check_resources (src/glsl/linker.cpp).
NOTE: This is a candidate for the 8.0 branch.
Signed-off-by: Stéphane Marchesin <marcheu@chromium.org>
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
Tested-by: Benoit Jacob <bjacob@mozilla.com>
(cherry picked from commit ff996cafce511dd8a6c4e066e409c23e147a670c)
diff --git a/src/glsl/link_uniforms.cpp b/src/glsl/link_uniforms.cpp
index 588008a..e14172c 100644
--- a/src/glsl/link_uniforms.cpp
+++ b/src/glsl/link_uniforms.cpp
@@ -275,7 +275,7 @@ private:
const gl_texture_index target = base_type->sampler_index();
const unsigned shadow = base_type->sampler_shadow;
for (unsigned i = this->uniforms[id].sampler
- ; i < this->next_sampler
+ ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
; i++) {
this->targets[i] = target;
this->shader_samplers_used |= 1U << i;
Reply to: