Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Feb 2017 11:03:42 +0100
From: Matthias Gerstner <>
Subject: Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB
 access while in vrend_draw_vbo

> Upstream patch:
> ---------------
>   ->

Please note that the fix for this issue opens a memory leak, because it
forgets to free the 've' structure from this line:

  ve = calloc(num_elements, sizeof(struct pipe_vertex_element));

A possible follow-up patch is attached.

I've already informed the reporter of this issue but there seems to be
no upstream fix yet.



Matthias Gerstner <>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer

SUSE Linux GmbH 
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.