[PATCH] xf86RandR12: use correct gamma size when allocating gamma table

dbehr at chromium.org dbehr at chromium.org
Tue Apr 1 20:36:13 PDT 2014


From: Dominik Behr <dbehr at chromium.org>

When setting crtc->gamma_size to randr_crtc->gammaSize we should
use randr_crtc->gammaSize to allocate the new gamma table in crtc.
Currently, if randr_crtc->gammaSize > crtc->gamma_size the subsequent
memcpy will overwrite memory beyond the end of the gamma table.

Signed-off-by: Dominik Behr <dbehr at chromium.org>
---
 hw/xfree86/modes/xf86RandR12.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/xfree86/modes/xf86RandR12.c b/hw/xfree86/modes/xf86RandR12.c
index 66139dc..8a04dfc 100644
--- a/hw/xfree86/modes/xf86RandR12.c
+++ b/hw/xfree86/modes/xf86RandR12.c
@@ -1256,12 +1256,13 @@ xf86RandR12CrtcSetGamma(ScreenPtr pScreen, RRCrtcPtr randr_crtc)
         CARD16 *tmp_ptr;
 
         tmp_ptr =
-            realloc(crtc->gamma_red, 3 * crtc->gamma_size * sizeof(CARD16));
+            realloc(crtc->gamma_red,
+                    3 * randr_crtc->gammaSize * sizeof(CARD16));
         if (!tmp_ptr)
             return FALSE;
         crtc->gamma_red = tmp_ptr;
-        crtc->gamma_green = crtc->gamma_red + crtc->gamma_size;
-        crtc->gamma_blue = crtc->gamma_green + crtc->gamma_size;
+        crtc->gamma_green = crtc->gamma_red + randr_crtc->gammaSize;
+        crtc->gamma_blue = crtc->gamma_green + randr_crtc->gammaSize;
     }
 
     crtc->gamma_size = randr_crtc->gammaSize;
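Review bot: The new realloc size, `3 * randr_crtc->gammaSize * sizeof(CARD16)`, is computed from a value that nothing visible in this hunk validates. If gammaSize is a signed int (its declaration is not shown), the `3 *` product is evaluated in int before widening, and a negative value would convert to a very large size_t. A size of zero is also awkward: realloc may free the old table and return NULL, so the `return FALSE` path could leave `crtc->gamma_red` pointing at freed memory. Unless a caller already guarantees a positive size, I would add `if (randr_crtc->gammaSize <= 0) return FALSE;` before the realloc and write the size as `sizeof(CARD16) * 3 * randr_crtc->gammaSize` so the arithmetic is done in size_t. The enclosing `if` and the rest of xf86RandR12CrtcSetGamma, including the memcpy the description refers to, lie outside the hunk, so an existing check there cannot be ruled out.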
-- 
1.9.1.423.g4596e3a


