glXGetProcAddress("glFoo") ends up in stub_add_dynamic() to create dynamic stubs for dynamic functions. stub_add_dynamic() doesn't store the caller provided name string "Foo" in a mesa private copy, but just stores a pointer to the "glFoo" string passed to glXGetProcAddress - a pointer into arbitrary memory outside mesa's control.
If the caller passes some dynamically allocated/changing memory buffer to glXGetProcAddress(), or the caller gets unmapped from memory, e.g., some dynamically loaded application plugin which uses OpenGL, this ends badly - with a dangling pointer.
strdup() the name string provided by the client to avoid this problem.
Cc: "10.3 10.4 10.5"
1110113 mapi: Make private copies of name strings provided by client.
src/mapi/stub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Upstream: cgit.freedesktop.org