Mesa (master): gallium/aux/hud: Avoid possible buffer overflow
Marek Olšák
mareko at kemper.freedesktop.org
Mon Mar 5 16:39:24 UTC 2018
Module: Mesa
Branch: master
Commit: 9a0d7bb48c93e7d0109751469a8b32c94e85bc24
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=9a0d7bb48c93e7d0109751469a8b32c94e85bc24
Author: Gert Wollny <gw.fossdev at gmail.com>
Date: Wed Feb 28 14:50:21 2018 +0100
gallium/aux/hud: Avoid possible buffer overflow
Limit the length of acceptable cpu names for use in hud_get_num_cpufreq
in order to avoid a buffer overflow later in add_object when this name
is copied into cpufreq_info::name.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274
Signed-off-by: Gert Wollny <gw.fossdev at gmail.com>
Signed-off-by: Marek Olšák <marek.olsak at amd.com>
---
src/gallium/auxiliary/hud/hud_cpufreq.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c
index 78a660795c..d3cf2019c3 100644
--- a/src/gallium/auxiliary/hud/hud_cpufreq.c
+++ b/src/gallium/auxiliary/hud/hud_cpufreq.c
@@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp)
while ((dp = readdir(dir)) != NULL) {
- /* Avoid 'lo' and '..' and '.' */
- if (strlen(dp->d_name) <= 2)
+ size_t d_name_len = strlen(dp->d_name);
+
+ /* Avoid 'lo' and '..' and '.', and avoid overlong names that
+ * would result in a buffer overflow in add_object.
+ */
+ if (d_name_len <= 2 || d_name_len > 15)
continue;
if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1)
More information about the mesa-commit
mailing list