Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Feb 2017 11:03:42 +0100
From: Matthias Gerstner <>
Subject: Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB
 access while in vrend_draw_vbo

> Upstream patch:
> ---------------
>   ->

Please note that the fix for this issue opens a memory leak, because it
forgets to free the 've' structure from this line:

  ve = calloc(num_elements, sizeof(struct pipe_vertex_element));

A possible follow-up patch is attached.

I've already informed the reporter of this issue but there seems to be
no upstream fix yet.



Matthias Gerstner <>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer

SUSE Linux GmbH 
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ