[PATCH xts 1/2] libproto: Fix buffer read overrun
Peter Harris
pharris at opentext.com
Tue Jan 20 17:57:34 PST 2015
Found by -fsanitize=address
Signed-off-by: Peter Harris <pharris at opentext.com>
---
xts5/src/libproto/ShowSup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xts5/src/libproto/ShowSup.c b/xts5/src/libproto/ShowSup.c
index a05ff7d..b8ba796 100644
--- a/xts5/src/libproto/ShowSup.c
+++ b/xts5/src/libproto/ShowSup.c
@@ -581,7 +581,7 @@ int format;
int i;
if (nval > 0) {
- valuePtr = (CARD32 *) ((CARD32 *) rp + size);
+ valuePtr = (CARD32 *) ((CARD8 *) rp + size);
for (i = 0; i < nval; i++) {
Log_Some("\tfontprop %d, name = 0x%lx, value = 0x%lx\n", i, *valuePtr, *(valuePtr+1));
valuePtr += 2;
@@ -598,7 +598,7 @@ int format;
int i;
if (nval > 0) {
- valuePtr = (CARD16 *) ((CARD16 *) rp + size);
+ valuePtr = (CARD16 *) ((CARD8 *) rp + size);
for (i = 0; i < nval; i++) {
Log_Some("\tcharinfo %d, left-side-bearing = %d, right-side-bearing = %d, character-width = %d, ascent = %d, descent = %d, attributes = 0x%x\n", i, *valuePtr, *(valuePtr+1), *(valuePtr+2), *(valuePtr+3), *(valuePtr+4), *(valuePtr+5));
valuePtr += 6;
--
2.1.0
More information about the xorg-devel
mailing list