[Mesa-dev] [Bug 106836] Out of bounds array access in FindProcIndex
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Jun 11 11:28:28 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=106836
Eric Engestrom <fdo-bugs at engestrom.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from Eric Engestrom <fdo-bugs at engestrom.ch> ---
pushed:
commit 41642bdbca007035772fbfdc311f14daa5510d5d
Author: Kyle Brenneman <kbrenneman at nvidia.com>
Date: Wed Jun 6 09:08:47 2018 -0600
egl/glvnd: Fix a segfault in eglGetProcAddress.
If FindProcIndex in egldispatchstubs.c is called with a name that's less
than
the first entry in the array, it would end up trying to store an index of
-1 in
an unsigned integer, wrap around to 2^32, and then crash when it tries to
look
that up.
Change FindProcIndex so that it uses bsearch(3) instead of implementing its
own
binary search, like the GLX equivalent FindGLXFunction does.
Reviewed-by: Eric Engestrom <eric.engestrom at intel.com>
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20180611/2d824781/attachment.html>
More information about the mesa-dev
mailing list