frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/hw/xfree86
History
Alan Coopersmith b680bda34d Fix a couple off-by-one array boundary checks. 
Error: Write outside array bounds at Xext/geext.c:406
        in function 'GEWindowSetMask' [Symbolic analysis]
       In array dereference of cli->nextSib[extension] with index 'extension'
       Array size is 128 elements (of 4 bytes each), index <= 128

Error: Buffer overflow at dix/events.c:592
	in function 'SetMaskForEvent' [Symbolic analysis]
       In array dereference of filters[deviceid] with index 'deviceid'
       Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20

Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
	in function 'LoaderOpen' [Symbolic analysis]
       In array dereference of refCount[new_handle] with index 'new_handle'
       Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256

These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
 		2009-05-08 12:27:11 -07:00
..
common xfree86: fix xf86PostMotionEventP type checking 2009-05-08 14:24:12 +10:00
ddc DDC: Redo extended device probe slightly. 2009-02-27 12:45:19 -05:00
dixmods Fix most remaining deprecated resource lookups. 2009-04-29 01:04:37 -04:00
doc xfree86: restore default off for DontZap 2009-04-28 16:17:16 +10:00
dri Fix most remaining deprecated resource lookups. 2009-04-29 01:04:37 -04:00
dri2 DRI2: Force allocation of real-front buffer for non-windows as well 2009-05-01 09:47:12 -07:00
exa Revert "EXA: Handle separate alpha maps properly in Composite fallback." 2009-02-27 16:37:27 +01:00
fbdevhw fbdevHWGetRec() doesn't return the private data 2009-02-04 09:53:03 +10:00
i2c Use libtool convenience libraries and better "symbol" table. 2008-12-07 02:22:19 -02:00
int10 Fix "warning: XXX defined but not used" 2009-02-04 09:41:40 +10:00
loader Fix a couple off-by-one array boundary checks. 2009-05-08 12:27:11 -07:00
modes Don't prepare outputs & crtcs if set_mode_major is present 2009-05-04 15:38:22 -07:00
os-support Solaris: use <sys/agpgart.h> instead of stale copy in Xorg sources 2009-04-27 21:08:35 -07:00
parser config: fix crash caused by strdup(NULL) 2009-04-09 02:29:28 -04:00
ramdac xfree86: ANSI cleanups 2009-01-11 08:54:11 +01:00
shadowfb xfree86: don't mix declarations and code 2009-01-11 08:54:11 +01:00
utils Make cvt complain about invalid arguments more often. 2009-01-06 08:58:53 -08:00
vbe Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
vgahw Fix most remaining deprecated resource lookups. 2009-04-29 01:04:37 -04:00
x86emu Convert libx86emu.a to a "libtool convenience library". 2008-12-07 18:31:32 -02:00
xaa Don't enable XAA offscreen pixmaps with Option "XaaOffscreenPixmaps" "no". 2009-02-03 13:49:19 -08:00
xf8_16bpp Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
Makefile.am dix: remove all but main() from main.c 2009-04-28 15:57:14 +10:00
xorgconf.cpp Update sample xorg.conf file 2008-12-02 14:35:45 -08:00