[PATCH libdrm] drm: Avoid out of bound write in drmOpenByName()
Damien Lespiau
damien.lespiau at intel.com
Mon Dec 1 06:07:03 PST 2014
In the fallback code that looks for devices in /proc, the read() may
return with -1 in case of error (interruption from a signal for
instance). We'll then happily write '\0' to buf[-2].
As we didn't really care about the signal interruption before, I kept it
the same way, just making sure that retcode is > 0 to avoid that case.
This was found by static analysis.
Signed-off-by: Damien Lespiau <damien.lespiau at intel.com>
---
xf86drm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xf86drm.c b/xf86drm.c
index d900b4b..106b8ab 100644
--- a/xf86drm.c
+++ b/xf86drm.c
@@ -579,7 +579,7 @@ static int drmOpenByName(const char *name)
if ((fd = open(proc_name, 0, 0)) >= 0) {
retcode = read(fd, buf, sizeof(buf)-1);
close(fd);
- if (retcode) {
+ if (retcode > 0) {
buf[retcode-1] = '\0';
for (driver = pt = buf; *pt && *pt != ' '; ++pt)
;
--
1.8.3.1
More information about the dri-devel
mailing list