patch: libXt-1.0.8 fix possible array overflow
walter harms
wharms at bfs.de
Thu Sep 23 11:37:37 PDT 2010
Pat Kane schrieb:
> In the original code if 'i' is equal to 10 then the line
> (void) memmove((char*)par, (char*)params, i * sizeof(String) );
> moves ten things, which is okay.
>
> The next line:
> bzero( &par[i], (10-i) * sizeof(String) );
> moves zero things to a bad address, which is probably okay,
> but I bet some code checker would complain.
>
> The code is very ugly.
>
yes,
i can fix that too but i still feel that
i=10
bzero( &par[i], (10-i) * sizeof(String) );
setting the limit to i=9 would fix that.
most maintainers prefer 1 fix 1 patch, i can send a revisited patch
re,
wh
More information about the xorg
mailing list