[PATCH 1/2] compositor-drm: Ensure strings from EDID blobs are null terminated
Derek Foreman
derekf at osg.samsung.com
Wed Sep 2 12:03:31 PDT 2015
On 28/08/15 03:04 PM, Bryce Harrington wrote:
> strncpy only adds null terminating bytes if the source string is smaller
> than the destination string. Since this function relies on the string
> being null terminated when checking its contents, we better make sure
> there is at least a \0 as the last character.
>
> Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
Already talked about this on irc... if you look reaaaaally hard you can
prove that this is ok because the only places that currently call
edid_parse_string() use it on 13 byte long arrays that are cleared to 0
on allocation.
I think that's way too much investigation to make sure the calls are
correct, so I like this change.
Reviewed-by: Derek Foreman <derekf at osg.samsung.com>
> ---
> src/compositor-drm.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/compositor-drm.c b/src/compositor-drm.c
> index f5f125a..70a3729 100644
> --- a/src/compositor-drm.c
> +++ b/src/compositor-drm.c
> @@ -1933,6 +1933,9 @@ edid_parse_string(const uint8_t *data, char text[])
> * terminated or not junk. */
> strncpy(text, (const char *) data, 12);
>
> + /* guarantee our new string is null-terminated */
> + text[12] = '\0';
> +
> /* remove insane chars */
> for (i = 0; text[i] != '\0'; i++) {
> if (text[i] == '\n' ||
>
More information about the wayland-devel
mailing list