patch: libXt-1.0.8 fix possible array overflow
Jeremy Huddleston
jeremyhu at apple.com
Thu Sep 23 11:42:56 PDT 2010
On Sep 23, 2010, at 11:37, walter harms wrote:
>
>
> Pat Kane schrieb:
>> In the original code if 'i' is equal to 10 then the line
>> (void) memmove((char*)par, (char*)params, i * sizeof(String) );
>> moves ten things, which is okay.
>>
>> The next line:
>> bzero( &par[i], (10-i) * sizeof(String) );
>> moves zero things to a bad address, which is probably okay,
>> but I bet some code checker would complain.
>>
>> The code is very ugly.
>>
>
> yes,
> i can fix that too but i still feel that
> i=10
> bzero( &par[i], (10-i) * sizeof(String) );
>
> setting the limit to i=9 would fix that.
That would break the memmove.
bzero(..., 0) is a no-op.
I fail to see the need to change this.
More information about the xorg
mailing list