[PATCH] xfree86: fix VbeModeInfoBlock memcpy off-by-one (#30159)
Alexandre Rostovtsev
tetromino at gmail.com
Tue Sep 14 00:39:45 PDT 2010
This patch fixes some old memcpy off-by-one errors in vbe.c that gcc-4.5
complains about when compiling with -O1 or higher optimization:
In file included from /usr/include/string.h:642:0,
from vbe.c:16:
In function ‘memcpy’,
inlined from ‘VBEGetModeInfo’ at vbe.c:589:8:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer
In function ‘memcpy’,
inlined from ‘VBEGetModeInfo’ at vbe.c:592:8:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer
X.Org bug 30159 <https://bugs.freedesktop.org/show_bug.cgi?id=30159>
Signed-off-by: Alexandre Rostovtsev <tetromino at gmail.com>
---
Reserved2 is 189 bytes (not 188). From LinBytesPerScanLine to end of
Reserved2 we have 189 + 16 = 205 bytes (not 206). From PhysBasePtr to end
of Reserved2 we have 189 + 26 = 215 bytes (not 216).
hw/xfree86/vbe/vbe.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/xfree86/vbe/vbe.c b/hw/xfree86/vbe/vbe.c
index 0b34648..2051577 100644
--- a/hw/xfree86/vbe/vbe.c
+++ b/hw/xfree86/vbe/vbe.c
@@ -583,13 +583,13 @@ VBEGetModeInfo(vbeInfoPtr pVbe, int mode)
block->LinRsvdMaskSize = ((char*)pVbe->memory)[60];
block->LinRsvdFieldPosition = ((char*)pVbe->memory)[61];
block->MaxPixelClock = *(CARD32*)(((char*)pVbe->memory) + 62);
- memcpy(&block->Reserved2, ((char*)pVbe->memory) + 66, 188);
+ memcpy(&block->Reserved2, ((char*)pVbe->memory) + 66, 189);
}
else
- memcpy(&block->LinBytesPerScanLine, ((char*)pVbe->memory) + 50, 206);
+ memcpy(&block->LinBytesPerScanLine, ((char*)pVbe->memory) + 50, 205);
}
else
- memcpy(&block->PhysBasePtr, ((char*)pVbe->memory) + 40, 216);
+ memcpy(&block->PhysBasePtr, ((char*)pVbe->memory) + 40, 215);
return block;
}
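Review bot: The corrected lengths 189, 205 and 215 in the three memcpy calls are still hand-counted literals, which is how the off-by-one got in; derive them from the structure instead, for example `sizeof(block->Reserved2)` for the first call and, for the other two, `offsetof` of Reserved2 plus its size minus `offsetof` of the starting member (LinBytesPerScanLine, PhysBasePtr), so the sizes track the declaration. The new values are at least self-consistent: 66 + 189, 50 + 205 and 40 + 215 all end at source offset 255. The first change raises a length from 188 to 189, and the quoted gcc warnings cover only vbe.c:589 and vbe.c:592, so that change rests on the stated 189-byte size of Reserved2 and should be checked against the struct declaration. The second and third calls also write from the address of one member across the members that follow it, which assumes no padding between them; a comment stating that assumption next to the calls would help.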
--
1.7.2.2