Mesa (master): gallium/aux/hud: Avoid possible buffer overflow

Marek Olšák mareko at kemper.freedesktop.org
Mon Mar 5 16:39:24 UTC 2018


Module: Mesa
Branch: master
Commit: 9a0d7bb48c93e7d0109751469a8b32c94e85bc24
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=9a0d7bb48c93e7d0109751469a8b32c94e85bc24

Author: Gert Wollny <gw.fossdev at gmail.com>
Date:   Wed Feb 28 14:50:21 2018 +0100

gallium/aux/hud: Avoid possible buffer overflow

Limit the length of acceptable cpu names for use in hud_get_num_cpufreq
in order to avoid a buffer overflow later in add_object when this name
is copied into cpufreq_info::name.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274
Signed-off-by: Gert Wollny <gw.fossdev at gmail.com>
Signed-off-by: Marek Olšák <marek.olsak at amd.com>

---

 src/gallium/auxiliary/hud/hud_cpufreq.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c
index 78a660795c..d3cf2019c3 100644
--- a/src/gallium/auxiliary/hud/hud_cpufreq.c
+++ b/src/gallium/auxiliary/hud/hud_cpufreq.c
@@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp)
 
    while ((dp = readdir(dir)) != NULL) {
 
-      /* Avoid 'lo' and '..' and '.' */
-      if (strlen(dp->d_name) <= 2)
+      size_t d_name_len = strlen(dp->d_name);
+
+      /* Avoid 'lo' and '..' and '.', and avoid overlong names that
+       * would  result in a buffer overflow in add_object.
+       */
+      if (d_name_len <= 2 || d_name_len > 15)
          continue;
 
       if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1)
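
Review bot: The literal 15 in `if (d_name_len <= 2 || d_name_len > 15)` ties this check to the size of cpufreq_info::name, which is declared elsewhere and not visible here, so the two can drift apart if the struct field is ever resized. Consider deriving the limit from the destination, for example comparing against `sizeof(((struct cpufreq_info *)0)->name) - 1` or a shared #define used by both the field declaration and this check. Since the commit message places the actual overflow in the copy inside add_object, bounding that copy as well (length-limited copy plus explicit NUL termination) would protect any other caller that reaches add_object without passing through this filter. Minor: the new comment has a double space in "would  result".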



