[PATCH] xf86RandR12: use correct gamma size when allocating gamma table
Stéphane Marchesin
stephane.marchesin at gmail.com
Fri Apr 18 20:19:25 PDT 2014
On Tue, Apr 1, 2014 at 8:36 PM, <dbehr at chromium.org> wrote:
> From: Dominik Behr <dbehr at chromium.org>
>
> When setting crtc->gamma_size to randr_crtc->gammaSize we should
> use randr_crtc->gammaSize to allocate new gamma table in crtc.
> Currently, if randr_crtc->gammaSize > crtc->gammaSize the subsequent
> memcpy will overwrite memory beyond the end of gamma table.
>
> Signed-off-by: Dominik Behr <dbehr at chromium.org>
>
Reviewed-by: Stéphane Marchesin <marcheu at chromium.org>
> ---
> hw/xfree86/modes/xf86RandR12.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/xfree86/modes/xf86RandR12.c
> b/hw/xfree86/modes/xf86RandR12.c
> index 66139dc..8a04dfc 100644
> --- a/hw/xfree86/modes/xf86RandR12.c
> +++ b/hw/xfree86/modes/xf86RandR12.c
> @@ -1256,12 +1256,13 @@ xf86RandR12CrtcSetGamma(ScreenPtr pScreen,
> RRCrtcPtr randr_crtc)
> CARD16 *tmp_ptr;
>
> tmp_ptr =
> - realloc(crtc->gamma_red, 3 * crtc->gamma_size *
> sizeof(CARD16));
> + realloc(crtc->gamma_red,
> + 3 * randr_crtc->gammaSize * sizeof(CARD16));
> if (!tmp_ptr)
> return FALSE;
> crtc->gamma_red = tmp_ptr;
> - crtc->gamma_green = crtc->gamma_red + crtc->gamma_size;
> - crtc->gamma_blue = crtc->gamma_green + crtc->gamma_size;
> + crtc->gamma_green = crtc->gamma_red + randr_crtc->gammaSize;
> + crtc->gamma_blue = crtc->gamma_green + randr_crtc->gammaSize;
> }
>
> crtc->gamma_size = randr_crtc->gammaSize;
> --
> 1.9.1.423.g4596e3a
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg-devel/attachments/20140418/ed70e965/attachment.html>
More information about the xorg-devel
mailing list