[Mesa-dev] [Bug 106836] Out of bounds array access in FindProcIndex
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Jun 6 10:07:22 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=106836
Bug ID: 106836
Summary: Out of bounds array access in FindProcIndex
Product: Mesa
Version: git
Hardware: All
OS: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: EGL
Assignee: mesa-dev at lists.freedesktop.org
Reporter: yogishk at nvidia.com
QA Contact: mesa-dev at lists.freedesktop.org
Created attachment 140049
--> https://bugs.freedesktop.org/attachment.cgi?id=140049&action=edit
Fix out of bounds array access in FindProcIndex
When name passed to FindProcIndex() is not present in array
__EGL_DISPATCH_FUNC_NAMES, "last" can become -1. But since it is declared as
unsigned "while (first <= last)" check will get pass and
_EGL_DISPATCH_FUNC_NAMES[] will be accessed out of the bounds.
When application try to look egl* API using eglGetProcAddress(), glvnd will try
to set dispatch index by calling __eglSetDispatchIndex()for each vendor. When
mesa's __eglSetDispatchIndex() is called and if egl API is not present in
__EGL_DISPATCH_FUNC_NAMES, application will crash.
--
You are receiving this mail because:
You are the assignee for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20180606/6dfbc292/attachment.html>
More information about the mesa-dev
mailing list