Mesa (master): Avoid overflow in 'last' variable of FindGLXFunction(...)

[Emil Velikov]

Module: Mesa
Branch: master
Commit: 27ef7bfd6cd2d960844f4c79d6dddc0bda0b20b0
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=27ef7bfd6cd2d960844f4c79d6dddc0bda0b20b0

Author: Stefan Dirsch <sndirsch at suse.de>
Date:   Thu Jul 14 15:21:20 2016 +0200

Avoid overflow in 'last' variable of FindGLXFunction(...)

This 'last' variable used in FindGLXFunction(...) may become negative,
but has been defined as unsigned int resulting in an overflow,
finally resulting in a segfault when accessing _glXDispatchTableStrings[...].
Fixed this by definining it as signed int. 'first' variable also needs to be
defined as signed int. Otherwise condition for while loop fails due to C
implicitly converting signed to unsigned values before comparison.

Cc: <mesa-stable at lists.freedesktop.org>
Signed-off-by: Stefan Dirsch <sndirsch at suse.de>
Reviewed-by: Eric Engestrom <eric.engestrom at imgtec.com>
Reviewed-by: Emil Velikov <emil.velikov at collabora.com>

---

 src/glx/glxglvnd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/glx/glxglvnd.c b/src/glx/glxglvnd.c
index b7252a7..962eda8 100644
--- a/src/glx/glxglvnd.c
+++ b/src/glx/glxglvnd.c
@@ -19,11 +19,11 @@ static void *__glXGLVNDGetProcAddress(const GLubyte *procName)
 
 static unsigned FindGLXFunction(const GLubyte *name)
 {
-    unsigned first = 0;
-    unsigned last = DI_FUNCTION_COUNT - 1;
+    int first = 0;
+    int last = DI_FUNCTION_COUNT - 1;
 
     while (first <= last) {
-        unsigned middle = (first + last) / 2;
+        int middle = (first + last) / 2;
         int comp = strcmp((const char *) name,
                           __glXDispatchTableStrings[middle]);