The patch below fixes a potential buffer overflow in xf86addComment().
This occurs if curlen > 0 && eol_seen == 0 && iscomment == 0, as
follows from the code:

    char *xf86addComment(char *cur, char *add)
    <...>
        len = strlen(add);
        endnewline = add[len - 1] == '\n';
        len += 1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen;

        if ((str = realloc(cur, len + curlen)) == NULL)
            return cur;

        cur = str;

        if (eol_seen || (curlen && !hasnewline))
            cur[curlen++] = '\n';
        if (!iscomment)
            cur[curlen++] = '#';
        strcpy(cur + curlen, add);
        if (!endnewline)
            strcat(cur, "\n");

Signed-off-by: Servaas Vandenberghe <vdb@picaros.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
[whot: added buffer overflow test case]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
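
The byte accounting behind the condition named in the commit message, as an added example (not part of the commit or the X server source): it compares what the quoted realloc() call reserves with what the quoted writes touch. The struct and function names are assumptions of this example, and the flags are taken as plain inputs because the excerpt elides how they are set.

```c
#include <stdio.h>
#include <stddef.h>

/* Flags as named in the quoted excerpt; the struct itself is an assumption. */
struct flags {
    size_t curlen;    /* strlen(cur) before the append */
    size_t addlen;    /* strlen(add) */
    int hasnewline;   /* cur ends in '\n' */
    int endnewline;   /* add ends in '\n' */
    int iscomment;    /* add already starts with '#' */
    int eol_seen;
};

/* Size passed to realloc() by the quoted code: len + curlen. */
static size_t bytes_allocated(struct flags f)
{
    size_t len = f.addlen;
    len += 1 + f.iscomment + (!f.hasnewline) + (!f.endnewline) + f.eol_seen;
    return len + f.curlen;
}

/* Bytes the quoted writes touch, including the terminating NUL. */
static size_t bytes_written(struct flags f)
{
    size_t n = f.curlen;
    if (f.eol_seen || (f.curlen && !f.hasnewline))
        n++;                 /* cur[curlen++] = '\n' */
    if (!f.iscomment)
        n++;                 /* cur[curlen++] = '#'  */
    n += f.addlen;           /* body copied by strcpy() */
    if (!f.endnewline)
        n++;                 /* '\n' appended by strcat() */
    return n + 1;            /* terminating NUL */
}

/* Positive result = bytes written past the end of the allocation. */
static long overrun(struct flags f)
{
    return (long)bytes_written(f) - (long)bytes_allocated(f);
}

int main(void)
{
    /* Constructed input: curlen 10, addlen 4, all flags 0 (the case in the message). */
    struct flags f = { 10, 4, 0, 0, 0, 0 };
    printf("allocated=%zu written=%zu overrun=%ld\n",
           bytes_allocated(f), bytes_written(f), overrun(f));
    return 0;
}
```

With curlen > 0, eol_seen == 0 and iscomment == 0 the formula reserves no byte for the '#' that is written, so the write runs one byte past the allocation; with curlen == 0 the unconditional (!hasnewline) term happens to cover it.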