[Mesa-dev] [PATCH glx/glxglvnd] Avoid overflow in 'last' variable of FindGLXFunction(...)

Stefan Dirsch sndirsch at suse.de
Thu Jul 14 13:21:20 UTC 2016


This 'last' variable used in FindGLXFunction(...) may become negative,
but has been defined as unsigned int resulting in an overflow,
finally resulting in a segfault when accessing _glXDispatchTableStrings[...].
Fixed this by defining it as signed int. 'first' variable also needs to be
defined as signed int. Otherwise condition for while loop fails due to C
implicitly converting signed to unsigned values before comparison.

Signed-off-by: Stefan Dirsch <sndirsch at suse.de>
---
 src/glx/glxglvnd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/glx/glxglvnd.c b/src/glx/glxglvnd.c
index b7252a7..962eda8 100644
--- a/src/glx/glxglvnd.c
+++ b/src/glx/glxglvnd.c
@@ -19,11 +19,11 @@ static void *__glXGLVNDGetProcAddress(const GLubyte *procName)
 
 static unsigned FindGLXFunction(const GLubyte *name)
 {
-    unsigned first = 0;
-    unsigned last = DI_FUNCTION_COUNT - 1;
+    int first = 0;
+    int last = DI_FUNCTION_COUNT - 1;
 
     while (first <= last) {
-        unsigned middle = (first + last) / 2;
+        int middle = (first + last) / 2;
         int comp = strcmp((const char *) name,
                           __glXDispatchTableStrings[middle]);
 
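Review bot: the declaration 'static unsigned FindGLXFunction(const GLubyte *name)' keeps its unsigned return type while 'first', 'last' and 'middle' become int, so whatever index or not-found value is returned below this hunk is converted back to unsigned on return. Please confirm that the callers' not-found check still matches, and add a one-line comment above 'int last = DI_FUNCTION_COUNT - 1;' saying that 'last' must be signed because it can drop below zero, so the type is not switched back later. Optionally, 'int middle = (first + last) / 2;' could be written as 'first + (last - first) / 2' to keep the signed addition from overflowing, though that only matters for a very large table.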
-- 
2.6.6
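The wraparound described in the commit message, as an added example that is not part of the original post or of Mesa's code. The table `names`, the function names, the `WRAPPED` guard and the `last = middle - 1` / `first = middle + 1` updates (which lie outside the lines shown in the hunk) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, sorted sample table standing in for the dispatch name strings. */
static const char *const names[] = {
    "glXBindTexImageEXT", "glXCreateContext", "glXQueryDrawable"
};
#define NAME_COUNT 3
#define NOT_FOUND  (-1)
#define WRAPPED    (-2)  /* index left the table; an unguarded lookup reads out of bounds */

/* Pre-patch shape: unsigned indices, so 'middle - 1' wraps to UINT_MAX at middle == 0. */
static int find_unsigned(const char *name)
{
    unsigned first = 0, last = NAME_COUNT - 1;
    while (first <= last) {
        unsigned middle = (first + last) / 2;
        if (middle >= NAME_COUNT) return WRAPPED;  /* guard added for this demo only */
        int comp = strcmp(name, names[middle]);
        if (comp < 0)      last = middle - 1;      /* assumed update step */
        else if (comp > 0) first = middle + 1;     /* assumed update step */
        else               return (int) middle;
    }
    return NOT_FOUND;
}

/* Post-patch shape: signed indices, so 'last' can hold -1 and the loop ends. */
static int find_signed(const char *name)
{
    int first = 0, last = NAME_COUNT - 1;
    while (first <= last) {
        int middle = (first + last) / 2;
        int comp = strcmp(name, names[middle]);
        if (comp < 0)      last = middle - 1;
        else if (comp > 0) first = middle + 1;
        else               return middle;
    }
    return NOT_FOUND;
}

/* Only 'last' signed: the cast spells out the conversion C applies implicitly
 * in 'first <= last', so -1 compares as UINT_MAX and the loop would continue. */
static int mixed_loop_continues(void)
{ unsigned first = 0; int last = -1; return first <= (unsigned) last; }

int main(void)
{ printf("%d %d %d\n", find_unsigned("aaa"), find_signed("aaa"), mixed_loop_continues()); return 0; }
```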


