patch: libXt-1.0.8 fix possible array overflow

Jeremy Huddleston jeremyhu at apple.com
Thu Sep 23 09:34:13 PDT 2010


As I had mentioned earlier, there actually is no overflow because the code cannot reach that point if *num_params is 0.

On Sep 23, 2010, at 09:26, walter harms wrote:

> 
> 
> Barry Scott wrote:
>> On Wednesday 22 September 2010 08:18:21 walter harms wrote:
>>> hi List,
>>> the code checks the upper limit to 10 while the upper limit is actually 9.
>> 
>> You could use "(sizeof( par )/sizeof( String ))-1" to make the code robust against
>> a change to the size of par.
>> 
> 
> yep, i could use XtNumber(), personally i prefer
> 
> i%=10;
> par=Xtmalloc(i*sizeof(String));
> 
> but i wanted to fix the overflow first.
> 
> the point i do not understand: why do they copy the pointer at all?
> they could just do the fprintf() and ready ..
> 
> 
> re,
> wh
> 
> 
> 
> and change the printf below into a loop
> 
> 
> 
>> Barry
>> 
>>> re,
>>> wh
>>> 
>>> 
>>> --- libXt-1.0.8/src/Error.c.org 2010-09-21 23:23:00.000000000 +0200
>>> +++ libXt-1.0.8/src/Error.c     2010-09-21 23:24:03.000000000 +0200
>>> @@ -257,7 +257,7 @@
>>>             */
>>>            Cardinal i = *num_params;
>>>            String par[10];
>>> -           if (i > 10) i = 10;
>>> +           if (i > 9) i = 9;
>>>            (void) memmove((char*)par, (char*)params, i * sizeof(String) );
>>>            bzero( &par[i], (10-i) * sizeof(String) );
>>>            (void) fprintf (stderr, "%s%s",
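Review bot: the new clamp `if (i > 9) i = 9;` is not needed to keep the memmove inside par. With `String par[10]` and i == 10, the memmove writes exactly 10 * sizeof(String) bytes, which is the whole array, and the bzero that follows gets a length of (10-i) = 0 at &par[10], so neither visible call writes past the array. Lowering the limit to 9 means a tenth parameter is no longer copied. If the aim is robustness, keep the limit at the array size and derive it from the declaration, for example with XtNumber(par) as mentioned in the thread, and use the same expression in the bzero length in place of the literal 10.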
>>> @@ -292,7 +292,7 @@
>>>         */
>>>        Cardinal i = *num_params;
>>>        String par[10];
>>> -       if (i > 10) i = 10;
>>> +       if (i > 9) i = 9;
>>>        (void) memmove((char*)par, (char*)params, i * sizeof(String) );
>>>        bzero( &par[i], (10-i) * sizeof(String) );
>>>        if (i != *num_params)
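Review bot: the trailing context line `if (i != *num_params)` becomes true for a caller that passes exactly ten parameters once i is clamped to 9, although par still has ten entries; with the old clamp that comparison only differed for more than ten. As in the first hunk, i == 10 keeps the memmove within par and gives bzero a zero length, so the lower limit changes behaviour without removing an out-of-bounds write in the visible lines. If the clamp is kept, the 9 here, the 10 in the declaration and the 10 in the bzero length are three separate literals that have to stay in step; a single constant or XtNumber(par) would tie them together.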
>>> _______________________________________________
>>> xorg at lists.freedesktop.org: X.Org support
>>> Archives: http://lists.freedesktop.org/archives/xorg
>>> Info: http://lists.freedesktop.org/mailman/listinfo/xorg
>>> Your subscription address: barry.scott at onelan.co.uk
>>> 
>>> 
>> 
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
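
The bound argued over in this thread, worked through as an added example (not libXt code and not written by anyone in the thread): a ten-slot array followed by a guard word, filled with a limit derived from the array size. The names `copy_params`, `par_frame`, `run_case`, `NUM_ELEMS` and `CANARY` are hypothetical, and `String` is assumed to be a plain `char *`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef char *String;                       /* assumption: pointer-sized, like Xt's String */
#define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0]))  /* same idea as XtNumber() */
#define CANARY 0xA5A5A5A5UL

/* Hypothetical stand-in for the local array, with a guard word placed after it. */
struct par_frame {
    String par[10];
    unsigned long canary;
};

/* Copy at most NUM_ELEMS(f->par) pointers, zero the unused slots, return the count copied. */
size_t copy_params(struct par_frame *f, String *params, size_t num_params)
{
    size_t cap = NUM_ELEMS(f->par);
    size_t i = num_params > cap ? cap : num_params;

    if (i > 0)
        memcpy(f->par, params, i * sizeof(String));
    /* At i == cap the length is 0 and &f->par[cap] is the one-past-the-end address. */
    memset(&f->par[i], 0, (cap - i) * sizeof(String));
    return i;
}

/* Constructed test input: n identical parameters. Returns the count copied, or -1 on damage. */
long run_case(size_t n)
{
    static char text[] = "p";
    String params[16];
    struct par_frame f;
    size_t k, copied;

    if (n > NUM_ELEMS(params)) return -1;
    for (k = 0; k < NUM_ELEMS(params); k++) params[k] = text;
    f.canary = CANARY;
    copied = copy_params(&f, params, n);
    if (f.canary != CANARY) return -1;
    for (k = 0; k < NUM_ELEMS(f.par); k++)
        if ((f.par[k] != NULL) != (k < copied)) return -1;
    return (long)copied;
}

int main(void)
{
    printf("%ld %ld %ld\n", run_case(3), run_case(10), run_case(12));
    return 0;
}
```

With ten or more parameters all ten slots are filled and the guard word is untouched; changing the array size changes the limit with it.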


