1 files changed, 44 insertions, 0 deletions

diff --git a/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch b/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch
new file mode 100644
index 00000000..ecb7325a
--- /dev/null
+++ b/common/recipes-graphics/drm/libdrm-2.4.66/0011-xf86drm-Bound-strstr-to-the-allocated-data.patch
@@ -0,0 +1,44 @@
+From 3627f38da9fad7db7fef2a0c6d0faf706c2e21d6 Mon Sep 17 00:00:00 2001
+From: Damien Lespiau <damien.lespiau@intel.com>
+Date: Fri, 22 Jan 2016 12:41:55 +0000
+Subject: [PATCH 011/117] xf86drm: Bound strstr() to the allocated data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We are reading at most sizeof(data) bytes, but then data may not contain
+a terminating '\0', at least in theory, so strstr() may overflow the
+stack allocated array.
+
+Make sure that data always contains at least one '\0'.
+
+Signed-off-by: Damien Lespiau <damien.lespiau@intel.com>
+Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
+---
+ xf86drm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xf86drm.c b/xf86drm.c
+index 7e28b4f..5f587d9 100644
+--- a/xf86drm.c
++++ b/xf86drm.c
+@@ -2863,7 +2863,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info)
+ {
+ #ifdef __linux__
+     char path[PATH_MAX + 1];
+-    char data[128];
++    char data[128 + 1];
+     char *str;
+     int domain, bus, dev, func;
+     int fd, ret;
+@@ -2874,6 +2874,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info)
+         return -errno;
+ 
+     ret = read(fd, data, sizeof(data));
++    data[128] = '\0';
+     close(fd);
+     if (ret < 0)
+         return -errno;
+-- 
+2.7.4
+