Source-Changes-D archive
Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src
In article <20150707005552.D4A8B48%cvs.netbsd.org@localhost>,
Michael Lorenz <source-changes-d%NetBSD.org@localhost> wrote:
>-=-=-=-=-=-
>
>Modified files:
>
>Index: xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c
>diff -u xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9
>xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.10
>--- xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9 Wed Mar
>19 23:56:47 2014
>+++ xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c Tue Jul 7
>00:55:52 2015
>@@ -1625,6 +1625,8 @@ static int R128ValidateFPModes(ScrnInfoP
> pScrn->display->modes[0] = xnfalloc(16);
> sprintf(pScrn->display->modes[0], "%dx%d",
> info->PanelXRes, info->PanelYRes);
>+ /* don't forget to NULL terminate */
>+ pScrn->display->modes[1] = NULL;
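Review bot: the added store to pScrn->display->modes[1] assumes the modes array has at least two pointer slots, and nothing in the visible lines shows where that array is allocated or how large it is. Please confirm the allocation covers index 1 (or allocate the two-entry list here) before writing the terminator. The new comment could also say what walks the list and relies on the NULL. Separately, the unchanged context above still formats with sprintf into the 16 bytes from xnfalloc(16); a bounded snprintf with the buffer size would be the safer call while this code is being touched.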
Pick up a magic number 16, and then use sprintf instead of snprintf ->
Welcome to the wonderful world of buffer overflow...
If PanelXRes == PanelYRes == 0x7fffffff then we get:
2147483647x2147483647
that needs 21 chars to print.
christos
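
The sizing argument in the reply above, as an added example that is not part of the original message or of the r128 driver: it measures how many bytes "%dx%d" needs and formats with snprintf so an oversized value is rejected instead of overflowing. The function names are hypothetical, malloc stands in for the X server's xnfalloc, and a 32-bit int is assumed; it also goes one step past the reply's case by covering negative values, which need two more bytes.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for "<x>x<y>" including the terminating NUL, or 0 on error. */
static size_t mode_name_size(int x, int y)
{
    int n = snprintf(NULL, 0, "%dx%d", x, y);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format into a caller-supplied buffer; returns -1 if the name does not fit.
 * On truncation the buffer still holds a NUL-terminated prefix. */
static int format_mode_fixed(char *buf, size_t size, int x, int y)
{
    int n = snprintf(buf, size, "%dx%d", x, y);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Allocate exactly what the name needs; caller frees. NULL on failure.
 * malloc is an assumption here; the driver itself uses xnfalloc. */
static char *alloc_mode_name(int x, int y)
{
    size_t size = mode_name_size(x, y);
    char *name = size ? malloc(size) : NULL;

    if (name != NULL && format_mode_fixed(name, size, x, y) != 0) {
        free(name);
        name = NULL;
    }
    return name;
}

int main(void)
{
    char fixed[16];   /* same size as the xnfalloc(16) in the quoted hunk */
    char *name = alloc_mode_name(INT_MAX, INT_MAX);

    printf("INT_MAX x INT_MAX needs %zu bytes\n",
           mode_name_size(INT_MAX, INT_MAX));
    printf("fits in 16 bytes: %s\n",
           format_mode_fixed(fixed, sizeof fixed, INT_MAX, INT_MAX) == 0
               ? "yes" : "no");
    printf("exact allocation: %s\n", name ? name : "(allocation failed)");
    free(name);
    return 0;
}
```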