From e81031f3fda0f8b4237224b13c016759eaa52449 Mon Sep 17 00:00:00 2001
From: Jeff Smith <whydoubt@gmail.com>
Date: Sun, 4 Feb 2018 23:17:53 -0600
Subject: [PATCH] xfree86: Allocate sufficienct space for dev2screen array

When the dev2screen is sized to xf86NumDrivers in DoConfigure(),
subsequent code may attempt to write past the end of the array.

Size the dev2screen array to nDevToConfig instead.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
---
 hw/xfree86/common/xf86Configure.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xfree86/common/xf86Configure.c b/hw/xfree86/common/xf86Configure.c
index 672cfd6e8..1b1928b17 100644
--- a/hw/xfree86/common/xf86Configure.c
+++ b/hw/xfree86/common/xf86Configure.c
@@ -702,7 +702,7 @@ DoConfigure(void)
 
     xf86DoConfigurePass1 = FALSE;
 
-    dev2screen = xnfcalloc(xf86NumDrivers, sizeof(int));
+    dev2screen = xnfcalloc(nDevToConfig, sizeof(int));
 
     {
         Bool *driverProbed = xnfcalloc(xf86NumDrivers, sizeof(Bool));