Compare commits
1 Commits
7ab2d0011b
...
1a8fb64518
| Author | SHA1 | Date |
|---|---|---|
Mohan Boddu
|
1a8fb64518 |
|
|
@ -1,52 +0,0 @@
|
|||
From 9ad320c1ad1a25558998ddfe47674511567fec57 Mon Sep 17 00:00:00 2001
|
||||
From: Sebastian Rasmussen <sebras@gmail.com>
|
||||
Date: Mon, 12 Feb 2024 14:46:22 +0800
|
||||
Subject: [PATCH] Plug memory leak that happens upon error.
|
||||
|
||||
If fgStructure.CurrentMenu is set when glutAddMenuEntry() or
|
||||
glutAddSubMenu() is called the allocated menuEntry variable will
|
||||
leak. This commit postpones allocating menuEntry until after the
|
||||
error checks, thereby plugging the memory leak.
|
||||
|
||||
This fixes CVE-2024-24258 and CVE-2024-24259.
|
||||
---
|
||||
src/fg_menu.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/fg_menu.c b/src/fg_menu.c
|
||||
index 53112dc2..0da88901 100644
|
||||
--- a/src/fg_menu.c
|
||||
+++ b/src/fg_menu.c
|
||||
@@ -864,12 +864,12 @@ void FGAPIENTRY glutAddMenuEntry( const char* label, int value )
|
||||
{
|
||||
SFG_MenuEntry* menuEntry;
|
||||
FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddMenuEntry" );
|
||||
- menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
|
||||
|
||||
freeglut_return_if_fail( fgStructure.CurrentMenu );
|
||||
if (fgState.ActiveMenus)
|
||||
fgError("Menu manipulation not allowed while menus in use.");
|
||||
|
||||
+ menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
|
||||
menuEntry->Text = strdup( label );
|
||||
menuEntry->ID = value;
|
||||
|
||||
@@ -888,7 +888,6 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
|
||||
SFG_Menu *subMenu;
|
||||
|
||||
FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddSubMenu" );
|
||||
- menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
|
||||
subMenu = fgMenuByID( subMenuID );
|
||||
|
||||
freeglut_return_if_fail( fgStructure.CurrentMenu );
|
||||
@@ -897,6 +896,7 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
|
||||
|
||||
freeglut_return_if_fail( subMenu );
|
||||
|
||||
+ menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
|
||||
menuEntry->Text = strdup( label );
|
||||
menuEntry->SubMenu = subMenu;
|
||||
menuEntry->ID = -1;
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
|
@ -2,13 +2,12 @@
|
|||
Summary: A freely licensed alternative to the GLUT library
|
||||
Name: freeglut
|
||||
Version: 3.2.1
|
||||
Release: 10%{?dist}
|
||||
Release: 9%{?dist}
|
||||
URL: http://freeglut.sourceforge.net
|
||||
Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
# For the manpages
|
||||
Source1: https://downloads.sourceforge.net/openglut/openglut-0.6.3-doc.tar.gz
|
||||
Patch0: common.patch
|
||||
Patch1: 0001-Plug-memory-leak-that-happens-upon-error.patch
|
||||
License: MIT
|
||||
|
||||
BuildRequires: gcc
|
||||
|
|
@ -53,8 +52,7 @@ license.
|
|||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch -P 0 -p0
|
||||
%patch -P 1 -p1
|
||||
%patch0 -p0
|
||||
|
||||
%build
|
||||
%{cmake} -DFREEGLUT_BUILD_STATIC_LIBS=OFF .
|
||||
|
|
@ -84,11 +82,6 @@ install -p -m 644 doc/man/*.3 $RPM_BUILD_ROOT/%{_mandir}/man3
|
|||
%{_libdir}/cmake/FreeGLUT/*
|
||||
|
||||
%changelog
|
||||
* Thu Feb 15 2024 José Expósito <jexposit@redhat.com> - 3.2.1-10
|
||||
- Fix CVE-2024-24258 and CVE-2024-24259
|
||||
Resolves: https://issues.redhat.com/browse/RHEL-25176
|
||||
Resolves: https://issues.redhat.com/browse/RHEL-25178
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.1-9
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
|
|
|||
Loading…
Reference in New Issue