[PATCH 1/5] Xdmx: integer overflow in GetGLXVisualConfigs()
Julien Cristau
jcristau at debian.org
Sat Jun 1 02:47:04 PDT 2013
On Thu, May 23, 2013 at 09:27:26 -0700, Alan Coopersmith wrote:
> @@ -92,15 +96,16 @@ GetGLXVisualConfigs(Display * dpy, int screen, int *nconfigs)
> }
>
> /* Allocate memory for our config structure */
> - config = (__GLXvisualConfig *)
> - Xmalloc(nvisuals * sizeof(__GLXvisualConfig));
> + if (nvisuals < (INT_MAX / sizeof(__GLXvisualConfig)))
> + config = Xcalloc(nvisuals, sizeof(__GLXvisualConfig));
Isn't the switch to calloc enough to fix the overflow?
> + else
> + config = NULL;
> if (!config) {
> free(props);
> UnlockDisplay(dpy);
> SyncHandle();
> return NULL;
> }
> - memset(config, 0, nvisuals * sizeof(__GLXvisualConfig));
> configs = config;
> num_good_visuals = 0;
>
Cheers,
Julien
More information about the xorg-devel
mailing list