[Mesa-dev] [PATCH] vl: Fix off-by-one error in device_name_length allocation.

Vinson Lee vlee at freedesktop.org
Thu Feb 21 22:44:07 PST 2013


Fixes out-of-bounds write reported by Coverity.

Signed-off-by: Vinson Lee <vlee at freedesktop.org>
---
 src/gallium/auxiliary/vl/vl_winsys_dri.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gallium/auxiliary/vl/vl_winsys_dri.c b/src/gallium/auxiliary/vl/vl_winsys_dri.c
index 560c914..59c02bc 100644
--- a/src/gallium/auxiliary/vl/vl_winsys_dri.c
+++ b/src/gallium/auxiliary/vl/vl_winsys_dri.c
@@ -338,7 +338,7 @@ vl_screen_create(Display *display, int screen)
       goto free_screen;
 
    device_name_length = xcb_dri2_connect_device_name_length(connect);
-   device_name = CALLOC(1, device_name_length);
+   device_name = CALLOC(1, device_name_length + 1);
    memcpy(device_name, xcb_dri2_connect_device_name(connect), device_name_length);
    device_name[device_name_length] = 0;
    fd = open(device_name, O_RDWR);
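
Review bot: the CALLOC result is still used unchecked right after the changed line. If the allocation of device_name_length + 1 bytes fails, both the memcpy into device_name and the device_name[device_name_length] = 0 terminator write dereference NULL. Suggest testing device_name before the memcpy and leaving through the function's error path; the context shows a free_screen label, though whether connect also needs releasing at this point is not visible in the hunk. It would also help if the commit message named the terminator write at index device_name_length as the out-of-bounds store Coverity flagged, since that is what the extra byte covers.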
-- 
1.8.1.2


