[BUG] Intel xorg driver 2.20.2 overlay off-by-one bug
Russell King - ARM Linux
linux at arm.linux.org.uk
Sun Aug 12 02:01:44 PDT 2012
While reading through the Intel driver code, I spotted this in
I830SetPortAttributeOverlay:
} else if (attribute == xvPipe) {
xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn);
if ((value < -1) || (value > xf86_config->num_crtc))
return BadValue;
if (value < 0)
adaptor_priv->desired_crtc = NULL;
else
adaptor_priv->desired_crtc = xf86_config->crtc[value];
This allows value == xf86_config->num_crtc to be valid, which would be
the CRTC number _after_ the last one in the array. Presumably this is
not desired, and the test should be ">=".
More information about the dri-devel
mailing list