Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src

To: christos%astron.com@localhost (Christos Zoulas), source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src
From: Michael <macallan%netbsd.org@localhost>
Date: Tue, 7 Jul 2015 13:29:18 -0400

Hello,

On Tue, 7 Jul 2015 14:46:27 +0000 (UTC)
christos%astron.com@localhost (Christos Zoulas) wrote:

> In article <20150707005552.D4A8B48%cvs.netbsd.org@localhost>,
> Michael Lorenz <source-changes-d%NetBSD.org@localhost> wrote:
> >-=-=-=-=-=-
> >
> >Modified files:
> >
> >Index: xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c
> >diff -u xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9
> >xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.10
> >--- xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9	Wed Mar
> >19 23:56:47 2014
> >+++ xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c	Tue Jul  7
> >00:55:52 2015
> >@@ -1625,6 +1625,8 @@ static int R128ValidateFPModes(ScrnInfoP
> >         pScrn->display->modes[0] = xnfalloc(16);
> >         sprintf(pScrn->display->modes[0], "%dx%d",
> >                info->PanelXRes, info->PanelYRes);
> >+        /* don't forget to NULL terminate */
> >+        pScrn->display->modes[1] = NULL;
> 
> Pick up a magic number 16, and then use sprintf instead of snprintf ->
> Welcome to the wonderful world of buffer overflow...

I didn't even look at that, I bet lots more Xorg drivers are full of
stuff like that.

have fun
Michael

References:
- Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src
  - From: Christos Zoulas

Prev by Date: Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src
Next by Date: Re: CVS commit: src/sys/arch/amd64/amd64
Previous by Thread: Re: CVS commit: xsrc/external/mit/xf86-video-r128/dist/src
Indexes:

Home | Main Index | Thread Index | Old Index