[Mesa-dev] [PATCH] vl: Fix off-by-one error in device_name_length allocation.

Michel Dänzer michel at daenzer.net
Fri Feb 22 00:27:12 PST 2013


On Fre, 2013-02-22 at 07:44 +0100, Vinson Lee wrote: 
> Fixes out-of-bounds write reported by Coverity.
> 
> Signed-off-by: Vinson Lee <vlee at freedesktop.org>
> ---
>  src/gallium/auxiliary/vl/vl_winsys_dri.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/gallium/auxiliary/vl/vl_winsys_dri.c b/src/gallium/auxiliary/vl/vl_winsys_dri.c
> index 560c914..59c02bc 100644
> --- a/src/gallium/auxiliary/vl/vl_winsys_dri.c
> +++ b/src/gallium/auxiliary/vl/vl_winsys_dri.c
> @@ -338,7 +338,7 @@ vl_screen_create(Display *display, int screen)
>        goto free_screen;
>  
>     device_name_length = xcb_dri2_connect_device_name_length(connect);
> -   device_name = CALLOC(1, device_name_length);
> +   device_name = CALLOC(1, device_name_length + 1);
>     memcpy(device_name, xcb_dri2_connect_device_name(connect), device_name_length);
>     device_name[device_name_length] = 0;

This last assignment looks superfluous now.


-- 
Earthling Michel Dänzer           |                   http://www.amd.com
Libre software enthusiast         |          Debian, X and DRI developer


More information about the mesa-dev mailing list