frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allocate enough room for both reset & flags attributes 

ctx_attribs had room for 3 pairs of attributes, but if both flags & reset
attributes were being returned it was storing 4 pairs in the array.

Found by Coverity #53442:  Out-of-bounds write
This could cause an immediate crash or incorrect computations.
In create_driver_context: Out-of-bounds write to a buffer (CWE-119)

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Alan Coopersmith 2014-10-09 05:42:08 -07:00 committed by Keith Packard
parent cffd4e4a4e
commit 7e5bc49d1e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
glx/glxdri2.c
View File

@ -475,7 +475,7 @@ create_driver_context(__GLXDRIcontext * context,
context->driContext = NULL;
if (screen->dri2->base.version >= 3) {
uint32_t ctx_attribs[3 * 2];
uint32_t ctx_attribs[4 * 2];
unsigned num_ctx_attribs = 0;
unsigned dri_err = 0;
unsigned major_ver;
@ -510,6 +510,8 @@ create_driver_context(__GLXDRIcontext * context,
__DRI_CTX_ATTRIB_RESET_STRATEGY;
ctx_attribs[num_ctx_attribs++] = reset;
}
assert(num_ctx_attribs <= ARRAY_SIZE(ctx_attribs));
}
context->driContext =