xserver: Branch 'master'

Adam Jackson ajax at kemper.freedesktop.org
Wed Apr 25 23:51:49 EEST 2007 

 hw/xfree86/os-support/bus/Pci.c |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

New commits:
diff-tree d322608dc929d5f8cda07a53143a4f28423e0460 (from 3ba1e8ab6d69566e1a3f8f0eb4605631aeffc8e5)
Author: Adam Jackson <ajax at benzedrine.nwnk.net>
Date:   Wed Apr 25 16:29:48 2007 -0400

    Fix a buffer overrun on machines with excessively large PCI busses.
    
    Formerly we sized an array with a compile time constant, then initialized
    its size to the same constant, but the Linux PCI init code would increase
    that "constant".  So if you happened to have more than 128 PCI devices,
    you'd happily scribble into whatever variables happened to be in .bss
    after that array.
    
    Only really fixed for Linux atm.  Other OSes will simply (still) fail to
    work on video devices above the 128th PCI device.

diff --git a/hw/xfree86/os-support/bus/Pci.c b/hw/xfree86/os-support/bus/Pci.c
index b80371d..bc5e11f 100644
--- a/hw/xfree86/os-support/bus/Pci.c
+++ b/hw/xfree86/os-support/bus/Pci.c
@@ -232,14 +232,14 @@ _X_EXPORT int            pciNumBuses = 0
 int            pciMaxBusNum = MAX_PCI_BUSES;
 static Bool    inProbe = FALSE;
 
-static pciConfigPtr pci_devp[MAX_PCI_DEVICES + 1] = {NULL, };
+static pciConfigPtr *pci_devp = NULL;
 
 static int readPciBios( PCITAG Tag, CARD8* tmp, ADDRESS hostbase,
 			unsigned char * buf, int len, PciBiosType BiosType );
 
 static int (*pciOSHandleBIOS)(PCITAG Tag, int basereg, unsigned char *buf, int len);
 
-int xf86MaxPciDevs = MAX_PCI_DEVICES;
+int xf86MaxPciDevs = 0;
 
 /*
  * Platform specific PCI function pointers.
@@ -272,6 +272,14 @@ pciInit()
 	if (pciNumBuses <= 0)
 	    ARCH_PCI_OS_INIT();
 #endif
+	if (xf86MaxPciDevs == 0) {
+	    xf86Msg(X_WARNING,
+		    "OS did not count PCI devices, guessing wildly\n");
+	    xf86MaxPciDevs = MAX_PCI_DEVICES;
+	}
+	if (pci_devp)
+	    xfree(pci_devp);
+	pci_devp = xnfcalloc(xf86MaxPciDevs + 1, sizeof(pciConfigPtr));
 }
 
 void pciSetOSBIOSPtr(int (*bios_fn)(PCITAG Tag, int basereg, unsigned char * buf, int len))
@@ -920,7 +928,7 @@ xf86scanpci(int flags)
      * result in an endless recursion if platform/OS specific PCI
      * bus probing code calls this function from with in it.
      */
-    if (done || pci_devp[0])
+    if (done || pci_devp)
 	return pci_devp;
 
     done = TRUE;

More information about the xorg-commit mailing list