[PATCH] libXvMC: avoid overflowing by making nameLen and busIDLen addition overflow
Dave Airlie
airlied at gmail.com
Sun May 26 16:45:06 PDT 2013
From: Dave Airlie <airlied at redhat.com>
Al Viro pointed this out on lwn, and I think this patch should fix it,
but making sure we don't do the addition as 32-bit on 64-bit machines.
Reported-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Dave Airlie <airlied at redhat.com>
---
src/XvMC.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/XvMC.c b/src/XvMC.c
index 74c8b85..e1b215e 100644
--- a/src/XvMC.c
+++ b/src/XvMC.c
@@ -575,7 +575,7 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
if (rep.length < (INT_MAX >> 2)) {
realSize = rep.length << 2;
- if (realSize >= (rep.nameLen + rep.busIDLen)) {
+ if (realSize >= ((unsigned long)rep.nameLen + (unsigned long)rep.busIDLen)) {
tmpBuf = Xmalloc(realSize);
*name = Xmalloc(rep.nameLen);
*busID = Xmalloc(rep.busIDLen);
--
1.8.1.2
More information about the xorg-devel
mailing list