[PATCH libXfont] Fix buffer read overrun
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Apr 18 12:55:58 PDT 2014
On 04/18/14 11:43 AM, Keith Packard wrote:
> Alan Coopersmith <alan.coopersmith at oracle.com> writes:
>
>> glamor/glamor_xv.c:#define MAKE_ATOM(a) MakeAtom(a, sizeof(a) - 1, TRUE)
>> hw/kdrive/src/kinput.c:#define AtomFromName(x) MakeAtom(x, strlen(x), 1)
>> xkb/ddxBeep.c:#define MAKE_ATOM(a) MakeAtom(a,sizeof(a)-1,TRUE)
>> xkb/xkbDflts.h:#define GET_ATOM(d,s) MakeAtom(s,strlen(s),1)
>> xkb/xkbInit.c:#define CREATE_ATOM(s) MakeAtom(s,sizeof(s)-1,1)
>
> Those 'sizeof' ones are scary.
They work, as long as you only ever pass a literal string to them, not a
pointer.
> Maybe MakeAtom could take take '0' as "use strlen"?
Seems like a reasonable simplification in the server - hard to use from other
modules (libXfont, drivers, etc.) until you're sure you'll only ever be used
with a server recognizing that.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list