[PATCH xorg-server] Fix xf86EdidModes.c: array subscript is above array bounds
Torsten Kaiser
just.for.lkml at googlemail.com
Thu Jul 5 23:06:10 PDT 2012
On Fri, Jul 6, 2012 at 2:45 AM, Peter Hutterer <peter.hutterer at who-t.net> wrote:
> On Thu, Jul 05, 2012 at 04:37:39PM -0700, Keith Packard wrote:
>> Torsten Kaiser <just.for.lkml at googlemail.com> writes:
>>
>> > With this optimization level gcc notices, that the loop in function
>> > DDCModesFromEstIII() would go until i=5 and j=1 which would result in
>> > m = (5 * 8) + (7 - 1) = 46, but the array EstIIIModes[] only contains
>> > 44 elements.
>>
>> I'd like Adam's opinion; he wrote the original code and is the best
>> person to verify that this does what the spec requires. On the face of
>> it, it looks right to me though...
My guess would be, that these bits where reserved in the spec and
should never been set.
But gcc can't know this and complains about the possible accesses.
While the new code still looks at these bits, it will always ignore
them, so it should be safe wrt.
the spec. Except if the spec says, that if any of these bits are set,
then the interpretation of the
other bits should change. But then the old code would be broken in the same way.
> I'm not a big fan of fixing two separate bugs in one patches though, I'd
> prefer to split out the out-of-bounds from the skipping last mode issue.
>
> Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net> otherwise
Thanks for the review, split patches are now available at
https://bugs.freedesktop.org/show_bug.cgi?id=45623
The two issues where just located so near each other, that I fixed
them in one go.
Torsten
More information about the xorg-devel
mailing list