Headline
CVE-2022-2832: ⚓ T99706 Null pointer Reference in blender_headless
When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it’s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.
System Information
Operating system: Ubuntu 20.04.4 LTS
Graphics card: 2b:00.0 VGA compatible controller: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] (rev a1)
Blender Version
Broken: Blender 3.3.0 Alpha branch : master, commit 3b15467e97abf473d4d25c7382999115d3169a57 Date: Thu Jul 14 16:33:21 2022 +0200
Worked: -
Short description of error
when use blender-headless that include blender
return Null ptr in option -a added
Exact steps for others to reproduce the error
build blender using
./blender -b [blend file path] -s 1 -e 25 -a ./blender -b [blend file path] -a
both can reproduce null ptr reference. I think its caused by “a” options
POC video below
https://youtu.be/_ys1VEdZ3Co
POC blend file below
the blend file is regulare and produced by blender(UI) that just basic square that app basically served
both is same
https://drive.google.com/file/d/1VLDLbVASAhKm8_x8UoX-ljIspAwmaBLm/view?usp=sharing
Note
Maybe this bug occured in
source/blender/gpu/opengl/gl_backend.cc``` that include void GPBackend::platform_init()
Related news
Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob