[Mesa-dev] [PATCH] gallium/aux/hud: Avoid possible buffer overflow
Marek Olšák
maraeo at gmail.com
Mon Mar 5 16:41:25 UTC 2018
Pushed, thanks!
Marek
On Wed, Feb 28, 2018 at 8:50 AM, Gert Wollny <gw.fossdev at gmail.com> wrote:
> Limit the length of acceptable cpu names for use in hud_get_num_cpufreq
> in order to avoid a buffer overflow later in add_object when this name
> is copied into cpufreq_info::name.
>
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274
> Signed-off-by: Gert Wollny <gw.fossdev at gmail.com>
> ---
> Submitter has no git write access.
> src/gallium/auxiliary/hud/hud_cpufreq.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c
> index 78a660795c..04f69231eb 100644
> --- a/src/gallium/auxiliary/hud/hud_cpufreq.c
> +++ b/src/gallium/auxiliary/hud/hud_cpufreq.c
> @@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp)
>
> while ((dp = readdir(dir)) != NULL) {
>
> - /* Avoid 'lo' and '..' and '.' */
> - if (strlen(dp->d_name) <= 2)
> + size_t d_name_len = strlen(dp->d_name);
> +
> + /* Avoid 'lo' and '..' and '.', and avoid overlong names that
> + * would result in a buffer overflow in add_object.
> + */
> + if (d_name_len <= 2 || d_name_len > 15)
> continue;
>
> if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1)
> --
> 2.16.1
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-dev
More information about the mesa-dev
mailing list