[Mesa-dev] Truncated extensions string
José Fonseca
jfonseca at vmware.com
Tue Mar 15 08:29:47 PDT 2011
On Sat, 2011-03-12 at 01:22 -0800, Kenneth Graunke wrote:
> On Friday, March 11, 2011 01:23:12 PM Patrick Baggett wrote:
> > I feel like there is some kind of underlying lesson that we, OpenGL app
> > programmers, should be getting out of this...
>
> Yes. Don't blindly copy abitrary amounts of data into a fixed size buffer. :)
> I hate to be trite, but that -is- the entire problem: a classic buffer overflow,
> the kind we warn people about in early programming courses.
There is no buffer overflow, just truncation, e.g., as if strncpy is
used.
The crash I saw is most likely because the truncated extensions string
either has an inconsistent set of extensions or it is missing a very
basic extension.
> As Ian pointed
> out, it's absolutely trivial to do this correctly: if you're going to
copy it,
> just malloc a buffer that's the correct size.
Indeed.
Jose
More information about the mesa-dev
mailing list