modesetting: Fix potential buffer overflow

If one misconfigures a ZaphodHeads value (more than 20 characters
without a delimiter), we get an overflow of our buffer.  Use
xstrtokenize() instead of writing/fixing our own tokenizer.

Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>

hw/xfree86/drivers/modesetting/drmmode_display.c

@@ -57,34 +57,22 @@ static PixmapPtr drmmode_create_pixmap_header(ScreenPtr pScreen, int width, int
 static Bool
 drmmode_zaphod_string_matches(ScrnInfoPtr scrn, const char *s, char *output_name)
 {
-    int i = 0;
-    char s1[20];
+    char **token = xstrtokenize(s, ", \t\n\r");
+    Bool ret = FALSE;
 
-    do {
-        switch(*s) {
-        case ',':
-            s1[i] = '\0';
-            i = 0;
-            if (strcmp(s1, output_name) == 0)
-                return TRUE;
-            break;
-        case ' ':
-        case '\t':
-        case '\n':
-        case '\r':
-            break;
-        default:
-            s1[i] = *s;
-            i++;
-            break;
-        }
-    } while(*s++);
+    if (!token)
+        return FALSE;
 
-    s1[i] = '\0';
-    if (strcmp(s1, output_name) == 0)
-        return TRUE;
+    for (int i = 0; token[i]; i++) {
+        if (strcmp(token[i], output_name) == 0)
+            ret = TRUE;
 
-    return FALSE;
+        free(token[i]);
+    }
+
+    free(token);
+
+    return ret;
 }
 
 int

include/misc.h

@@ -233,7 +233,7 @@ padding_for_int32(const int bytes)
 }
 
 
-extern char **xstrtokenize(const char *str, const char *separators);
+extern _X_EXPORT char **xstrtokenize(const char *str, const char *separators);
 extern void FormatInt64(int64_t num, char *string);
 extern void FormatUInt64(uint64_t num, char *string);
 extern void FormatUInt64Hex(uint64_t num, char *string);