[PATCH 2/2] xfree86: xf86MatchDriverFromFiles add nmatch argument
Karol Kosik
kkosik at nvidia.com
Wed Jul 22 17:19:01 PDT 2015
xf86MatchDriverFromFiles could overflow passed array because
it didn't know its size. I've added nmatch argument with this
information.
Signed-off-by: Karol Kosik <kkosik at nvidia.com>
---
hw/xfree86/common/xf86pciBus.c | 17 +++++++++--------
hw/xfree86/common/xf86pciBus.h | 2 +-
hw/xfree86/common/xf86platformBus.c | 2 +-
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/xfree86/common/xf86pciBus.c b/hw/xfree86/common/xf86pciBus.c
index 258988a..fa7da40 100644
--- a/hw/xfree86/common/xf86pciBus.c
+++ b/hw/xfree86/common/xf86pciBus.c
@@ -1321,7 +1321,7 @@ xchomp(char *line)
* feature it can and should be removed because the symbol-based resolution
* scheme should be the primary one */
void
-xf86MatchDriverFromFiles(char **matches, uint16_t match_vendor, uint16_t match_chip)
+xf86MatchDriverFromFiles(char **matches, int nmatches, uint16_t match_vendor, uint16_t match_chip)
{
DIR *idsdir;
FILE *fp;
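Review bot: The comment above xf86MatchDriverFromFiles (it starts outside this hunk) does not state the contract that the new `nmatches` parameter introduces. The body now appends after the first NULL entry found within the first `nmatches` slots, so callers have to pass the array's real capacity and leave unused slots NULL. I would add a sentence to that header comment, for example `matches has room for nmatches entries; unused entries must be NULL, and new names are appended after the last used one.`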
@@ -1331,18 +1331,22 @@ xf86MatchDriverFromFiles(char **matches, uint16_t match_vendor, uint16_t match_c
ssize_t read;
char path_name[256], vendor_str[5], chip_str[5];
uint16_t vendor, chip;
- int i, j;
+ int i = 0, j;
idsdir = opendir(PCI_TXT_IDS_PATH);
if (!idsdir)
return;
+ while ((i < nmatches) && matches[i]) {
+ i++;
+ }
+
xf86Msg(X_INFO,
"Scanning %s directory for additional PCI ID's supported by the drivers\n",
PCI_TXT_IDS_PATH);
direntry = readdir(idsdir);
/* Read the directory */
- while (direntry) {
+ while (direntry && (i < nmatches)) {
if (direntry->d_name[0] == '.') {
direntry = readdir(idsdir);
continue;
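Review bot: The `i < nmatches` bound is tested only in the outer `while (direntry && (i < nmatches))`, while the `matches[i] =` store and the `++i` added in the @@ -1412 hunk sit deeper in the body. The match branch appears to be nested inside a per-line read of each ids file (that loop is outside the visible hunks), so if a single file can match more than once, `i` could reach `nmatches` between two outer checks and the next store would land one past the end of the array. Guarding the store itself closes that gap: `if (i < nmatches && vendor == match_vendor && chip == match_chip) {`. The function body starts and ends outside this hunk, so the inner loop should be confirmed against the full file.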
@@ -1386,10 +1390,6 @@ xf86MatchDriverFromFiles(char **matches, uint16_t match_vendor, uint16_t match_c
}
}
if (vendor == match_vendor && chip == match_chip) {
- i = 0;
- while (matches[i]) {
- i++;
- }
matches[i] =
(char *) malloc(sizeof(char) *
strlen(direntry->d_name) - 3);
@@ -1412,6 +1412,7 @@ xf86MatchDriverFromFiles(char **matches, uint16_t match_vendor, uint16_t match_c
}
xf86Msg(X_INFO, "Matched %s from file name %s\n",
matches[i], direntry->d_name);
+ ++i;
}
}
else {
@@ -1450,7 +1451,7 @@ xf86PciMatchDriver(char *matches[], int nmatches)
pci_iterator_destroy(iter);
#ifdef __linux__
if (info)
- xf86MatchDriverFromFiles(matches, info->vendor_id, info->device_id);
+ xf86MatchDriverFromFiles(matches, nmatches, info->vendor_id, info->device_id);
#endif
for (i = 0; (i < nmatches) && (matches[i]); i++) {
diff --git a/hw/xfree86/common/xf86pciBus.h b/hw/xfree86/common/xf86pciBus.h
index 4972c36..fc6eb4d 100644
--- a/hw/xfree86/common/xf86pciBus.h
+++ b/hw/xfree86/common/xf86pciBus.h
@@ -48,7 +48,7 @@ void xf86PciConfigureNewDev(void *busData, struct pci_device *pVideo,
((x)->dev == (y)->dev))
void
-xf86MatchDriverFromFiles(char **matches, uint16_t match_vendor, uint16_t match_chip);
+xf86MatchDriverFromFiles(char **matches, int nmatches, uint16_t match_vendor, uint16_t match_chip);
int
xf86VideoPtrToDriverList(struct pci_device *dev,
char *returnList[], int returnListMax);
diff --git a/hw/xfree86/common/xf86platformBus.c b/hw/xfree86/common/xf86platformBus.c
index 33b2b7d..ea70f5c 100644
--- a/hw/xfree86/common/xf86platformBus.c
+++ b/hw/xfree86/common/xf86platformBus.c
@@ -198,7 +198,7 @@ xf86PlatformMatchDriver(char *matches[], int nmatches)
info = xf86_platform_devices[i].pdev;
#ifdef __linux__
if (info)
- xf86MatchDriverFromFiles(matches, info->vendor_id, info->device_id);
+ xf86MatchDriverFromFiles(matches, nmatches, info->vendor_id, info->device_id);
#endif
for (j = 0; (j < nmatches) && (matches[j]); j++) {
--
2.4.6