libXt-1.0.8:fix possible array averflow
walter harms
wharms at bfs.de
Wed Sep 22 10:18:39 PDT 2010
hi List,
the code checks the upperlimit to 10 while the upperlimit is actualy 9.
The org. patch is attacehd since i guess the tabs will be mangeld.
re,
wh
Signed-off-by: walter harms <wharms at bfs.de>
--- libXt-1.0.8/src/Error.c.org 2010-09-21 23:23:00.000000000 +0200
+++ libXt-1.0.8/src/Error.c 2010-09-21 23:24:03.000000000 +0200
@@ -257,7 +257,7 @@
*/
Cardinal i = *num_params;
String par[10];
- if (i > 10) i = 10;
+ if (i > 9) i = 9;
(void) memmove((char*)par, (char*)params, i * sizeof(String) );
bzero( &par[i], (10-i) * sizeof(String) );
(void) fprintf (stderr, "%s%s",
@@ -292,7 +292,7 @@
*/
Cardinal i = *num_params;
String par[10];
- if (i > 10) i = 10;
+ if (i > 9) i = 9;
(void) memmove((char*)par, (char*)params, i * sizeof(String) );
bzero( &par[i], (10-i) * sizeof(String) );
if (i != *num_params)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Overflow.patch
Type: text/x-diff
Size: 672 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20100922/26300dd3/attachment.patch>
More information about the xorg-devel
mailing list