[Intel-gfx] [BUG] Intel xorg driver 2.20.2 overlay off-by-one bug
Chris Wilson
chris at chris-wilson.co.uk
Mon Aug 13 20:27:23 CEST 2012
On Sun, 12 Aug 2012 10:01:44 +0100, Russell King - ARM Linux <linux at arm.linux.org.uk> wrote:
> While reading through the Intel driver code, I spotted this in
> I830SetPortAttributeOverlay:
>
> } else if (attribute == xvPipe) {
> xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn);
> if ((value < -1) || (value > xf86_config->num_crtc))
> return BadValue;
> if (value < 0)
> adaptor_priv->desired_crtc = NULL;
> else
> adaptor_priv->desired_crtc = xf86_config->crtc[value];
>
> This allows value == xf86_config->num_crtc to be valid, which would be
> the CRTC number _after_ the last one in the array. Presumably this is
> not desired, and the test should be ">=".
Thanks for bringing this to our attention and poking Dave, who promptly
pushed a patch to fix the bug.
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
More information about the Intel-gfx
mailing list