patch: libXt-1.0.8 fix possible array overflow
Pat Kane
pekane52 at gmail.com
Thu Sep 23 10:47:07 PDT 2010
In the original code if 'i' is equal to 10 then the line

    (void) memmove((char*)par, (char*)params, i * sizeof(String) );

moves ten things, which is okay.

The next line:

    bzero( &par[i], (10-i) * sizeof(String) );

moves zero things to a bad address, which is probably okay,
but I bet some code checker would complain.
The code is very ugly.
Pat
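
The copy-then-zero pattern discussed in the message above, written so the tail is cleared only when there is a tail to clear. This is an added example, not part of the original message or the libXt source. It assumes the destination is a fixed array of ten String entries and goes beyond the i == 10 case by also clamping larger counts; copy_params and MAX_PARAMS are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef char *String;   /* same shape as the Xt String typedef */
#define MAX_PARAMS 10   /* assumed size of par, from the literal 10 in the message */

/*
 * Hypothetical helper: copy at most MAX_PARAMS entries from params into
 * par and set every unused slot to NULL. Returns the number copied.
 */
size_t copy_params(String par[MAX_PARAMS], const String *params, size_t count)
{
    size_t i = count;
    size_t j;

    if (params == NULL)
        i = 0;                  /* nothing to copy from */
    if (i > MAX_PARAMS)
        i = MAX_PARAMS;         /* never write past par[MAX_PARAMS - 1] */

    if (i > 0)
        memmove(par, params, i * sizeof(String));

    /* When i == MAX_PARAMS the loop body never runs, so &par[MAX_PARAMS]
     * is never handed to a library routine, even with a zero length. */
    for (j = i; j < MAX_PARAMS; j++)
        par[j] = NULL;

    return i;
}

int main(void)
{
    /* Constructed input: twelve entries, two more than par can hold. */
    char store[12];
    String in[12];
    String par[MAX_PARAMS];
    size_t k, n;

    for (k = 0; k < 12; k++)
        in[k] = &store[k];

    n = copy_params(par, in, 12);
    printf("copied %zu of 12, last slot %s\n", n,
           par[MAX_PARAMS - 1] == in[MAX_PARAMS - 1] ? "filled" : "empty");
    return 0;
}
```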