From 1110113a7f0b6f9b21dd26dee8e95a021041c71c Mon Sep 17 00:00:00 2001
From: Mario Kleiner <mario.kleiner.de@gmail.com>
Date: Thu, 12 Mar 2015 23:34:12 +0100
Subject: [PATCH] mapi: Make private copies of name strings provided by client.

glXGetProcAddress("glFoo") ends up in stub_add_dynamic() to
create dynamic stubs for dynamic functions. stub_add_dynamic()
doesn't store the caller provided name string "Foo" in a mesa
private copy, but just stores a pointer to the "glFoo" string
passed to glXGetProcAddress - a pointer into arbitrary memory
outside mesa's control.

If the caller passes some dynamically allocated/changing
memory buffer to glXGetProcAddress(), or the caller gets unmapped
from memory, e.g., some dynamically loaded application
plugin which uses OpenGL, this ends badly - with a dangling
pointer.

strdup() the name string provided by the client to avoid
this problem.

Cc: "10.3 10.4 10.5" <mesa-stable@lists.freedesktop.org>
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
---
 src/mapi/stub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mapi/stub.c b/src/mapi/stub.c
index 05436bab6d3..45e4f7dc69e 100644
--- a/src/mapi/stub.c
+++ b/src/mapi/stub.c
@@ -102,7 +102,7 @@ stub_add_dynamic(const char *name)
    if (!stub->addr)
       return NULL;
 
-   stub->name = (const void *) name;
+   stub->name = (const void *) strdup(name);
    /* to be fixed later */
    stub->slot = -1;
 
-- 
2.30.2