os: color: fix possible buffer overflow vulnerability
The old approach of builtin color lookup used a binary search of strings within text blocks (their start offsets defined in the color array). This could potentially lead to buffer overflow, if the requested color name far outreaches the text block (eg. same prefix as some entry near to the end, but really huge). This alone wouldn't allow remote memory readout (just comparing), but could possibly trigger page faults (sigsegv) or used as a building block for some more complex attack. OTOH, the old approach is also hard to maintain, ugly programming style: on each change, all the offset need to be carefully recounted, which is pretty error-prone. Both problems are solved by moving to simple, per-entry, char* pointers, instead of the one large text block. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net> Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
This commit is contained in:
		
							parent
							
								
									7a010beefe
								
							
						
					
					
						commit
						8c4a015cc2
					
				
							
								
								
									
										2391
									
								
								os/oscolor.c
								
								
								
								
							
							
						
						
									
										2391
									
								
								os/oscolor.c
								
								
								
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
		Loading…
	
		Reference in New Issue