[PATCH] vbe: Fix malloc size bug

Adam Jackson ajax at nwnk.net
Thu Feb 24 14:56:30 PST 2011


On Thu, 2011-02-24 at 13:26 -0800, Alan Coopersmith wrote:
> On 02/24/11 01:11 PM, Adam Jackson wrote:
> > diff --git a/hw/xfree86/vbe/vbe.c b/hw/xfree86/vbe/vbe.c
> > index bcda5ec..56e3ec4 100644
> > --- a/hw/xfree86/vbe/vbe.c
> > +++ b/hw/xfree86/vbe/vbe.c
> > @@ -395,7 +395,7 @@ VBEGetVBEInfo(vbeInfoPtr pVbe)
> >      i = 0;
> >      while (modes[i] != 0xffff)
> >  	i++;
> > -    block->VideoModePtr = malloc(sizeof(CARD16) * i + 1);
> > +    block->VideoModePtr = malloc(sizeof(CARD16) * i + 2);
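Review bot: The "+ 2" on the changed malloc line is only correct because sizeof(CARD16) happens to be 2, so the size expression hides what is being reserved. The loop above counts i entries before the 0xffff terminator, so if the terminator is stored as well the buffer needs i + 1 elements; writing the call as malloc(sizeof(CARD16) * (i + 1)) says that directly and stays correct if the element type changes. The removed line shows how the precedence slip (multiplication binding before the addition) left the allocation one byte short of that, which is the kind of off-by-one that turns into a heap overflow when the list is copied. The visible lines also do not show a NULL check on the result; if none follows, it is worth adding one before the buffer is written.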
> 
> Was the original intent malloc(sizeof(CARD16) * (i + 1)) ?

Almost certainly.

> That might be a bit clearer than letting the reader wonder "why 2?"

Yeah.  Though, any casual reader of the vbe code who doesn't already
understand sizeof and malloc is probably already in a pretty bad part of
town.

- ajax