[PATCH xserver 2/3] xfree86: Allocate sufficienct space for dev2screen array
Jeff Smith
whydoubt at gmail.com
Mon Feb 5 05:17:53 UTC 2018
When the dev2screen is sized to xf86NumDrivers in DoConfigure(),
subsequent code may attempt to write past the end of the array.
Size the dev2screen array to nDevToConfig instead.
Signed-off-by: Jeff Smith <whydoubt at gmail.com>
---
hw/xfree86/common/xf86Configure.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xfree86/common/xf86Configure.c b/hw/xfree86/common/xf86Configure.c
index 72efa2700..4026e3b5b 100644
--- a/hw/xfree86/common/xf86Configure.c
+++ b/hw/xfree86/common/xf86Configure.c
@@ -703,7 +703,7 @@ DoConfigure(void)
xf86DoConfigurePass1 = FALSE;
- dev2screen = xnfcalloc(xf86NumDrivers, sizeof(int));
+ dev2screen = xnfcalloc(nDevToConfig, sizeof(int));
{
Bool *driverProbed = xnfcalloc(xf86NumDrivers, sizeof(Bool));
--
2.14.3
More information about the xorg-devel
mailing list