[Mesa-dev] [Bug 106836] Out of bounds array access in FindProcIndex

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Jun 11 11:28:28 UTC 2018


Eric Engestrom <fdo-bugs at engestrom.ch> changed:

           What    |Removed                     |Added
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Eric Engestrom <fdo-bugs at engestrom.ch> ---

commit 41642bdbca007035772fbfdc311f14daa5510d5d
Author: Kyle Brenneman <kbrenneman at nvidia.com>
Date:   Wed Jun 6 09:08:47 2018 -0600

    egl/glvnd: Fix a segfault in eglGetProcAddress.

    If FindProcIndex in egldispatchstubs.c is called with a name that's less
    the first entry in the array, it would end up trying to store an index of
-1 in
    an unsigned integer, wrap around to 2^32, and then crash when it tries to
    that up.

    Change FindProcIndex so that it uses bsearch(3) instead of implementing its
    binary search, like the GLX equivalent FindGLXFunction does.

    Reviewed-by: Eric Engestrom <eric.engestrom at intel.com>

You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20180611/2d824781/attachment.html>

More information about the mesa-dev mailing list