xserver-multidpi

andreacavalli/xserver-multidpi

Fork 0

Commit Graph

Author	SHA1	Message	Date
Servaas Vandenberghe	820d9040f5	xfree86: fix potential buffer overflow The patch below fixes a potential buffer overflow in xf86addComment(). This occurs if curlen > 0 && eol_seen == 0 && iscomment == 0 , as follows from the code: char xf86addComment(char cur, char *add) <...> len = strlen(add); endnewline = add[len - 1] == '\n'; len += 1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen; if ((str = realloc(cur, len + curlen)) == NULL) return cur; cur = str; if (eol_seen \|\| (curlen && !hasnewline)) cur[curlen++] = '\n'; if (!iscomment) cur[curlen++] = '#'; strcpy(cur + curlen, add); if (!endnewline) strcat(cur, "\n"); Signed-off-by: Servaas Vandenberghe <vdb@picaros.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> [whot: added buffer overflow test case] Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>	2011-10-31 09:39:04 +10:00
Peter Hutterer	24823f1ab0	xfree86: switch options from pointer to XF86OptionPtr In all cases, the pointer was simply type-cast anyway. Let's get some compile-time type safety going, how about that. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Dan Nicholson <dbn.lists@gmail.com> Squashed in: xfree86: Move definition of xf86OptionPtr into separate header file The pile of spaghettis that is the xfree86 include dependencies make it rather hard to have a single typedef somewhere that's not interfering with everything else or drags in a whole bunch of other includes. Move the xf86OptionRec and GenericListRec declarations into a separate header. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>	2011-09-27 11:43:36 +10:00
Peter Hutterer	5aa826cdd1	test: add a option duplication test Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org>	2011-08-22 15:56:48 +10:00

Author

SHA1

Message

Date

Servaas Vandenberghe

820d9040f5

xfree86: fix potential buffer overflow

The patch below fixes a potential buffer overflow in xf86addComment().
This occurs if  curlen > 0 && eol_seen == 0 && iscomment == 0 , as
follows from the code:

char *xf86addComment(char *cur, char *add)

<...>

        len = strlen(add);
        endnewline = add[len - 1] == '\n';
        len +=  1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen;

        if ((str = realloc(cur, len + curlen)) == NULL)
                return cur;

        cur = str;

        if (eol_seen || (curlen && !hasnewline))
                cur[curlen++] = '\n';
        if (!iscomment)
                cur[curlen++] = '#';
        strcpy(cur + curlen, add);
        if (!endnewline)
                strcat(cur, "\n");

Signed-off-by: Servaas Vandenberghe <vdb@picaros.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

[whot: added buffer overflow test case]

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

2011-10-31 09:39:04 +10:00

Peter Hutterer

24823f1ab0

xfree86: switch options from pointer to XF86OptionPtr

In all cases, the pointer was simply type-cast anyway. Let's get some
compile-time type safety going, how about that.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dan Nicholson <dbn.lists@gmail.com>

Squashed in:
xfree86: Move definition of xf86OptionPtr into separate header file

The pile of spaghettis that is the xfree86 include dependencies make it
rather hard to have a single typedef somewhere that's not interfering with
everything else or drags in a whole bunch of other includes.

Move the xf86OptionRec and GenericListRec declarations into a separate
header.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

2011-09-27 11:43:36 +10:00

Peter Hutterer

5aa826cdd1

test: add a option duplication test

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>

2011-08-22 15:56:48 +10:00

3 Commits