diff options
Diffstat (limited to 'common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch')
-rw-r--r-- | common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch b/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch new file mode 100644 index 00000000..ecb7325a --- /dev/null +++ b/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch @@ -0,0 +1,44 @@ +From 3627f38da9fad7db7fef2a0c6d0faf706c2e21d6 Mon Sep 17 00:00:00 2001 +From: Damien Lespiau <damien.lespiau@intel.com> +Date: Fri, 22 Jan 2016 12:41:55 +0000 +Subject: [PATCH 011/117] xf86drm: Bound strstr() to the allocated data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We are reading at most sizeof(data) bytes, but then data may not contain +a terminating '\0', at least in theory, so strstr() may overflow the +stack allocated array. + +Make sure that data always contains at least one '\0'. + +Signed-off-by: Damien Lespiau <damien.lespiau@intel.com> +Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> +--- + xf86drm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/xf86drm.c b/xf86drm.c +index 7e28b4f..5f587d9 100644 +--- a/xf86drm.c ++++ b/xf86drm.c +@@ -2863,7 +2863,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info) + { + #ifdef __linux__ + char path[PATH_MAX + 1]; +- char data[128]; ++ char data[128 + 1]; + char *str; + int domain, bus, dev, func; + int fd, ret; +@@ -2874,6 +2874,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info) + return -errno; + + ret = read(fd, data, sizeof(data)); ++ data[128] = '\0'; + close(fd); + if (ret < 0) + return -errno; +-- +2.7.4 + |