820d9040f5
The patch below fixes a potential buffer overflow in xf86addComment(). This occurs if curlen > 0 && eol_seen == 0 && iscomment == 0 , as follows from the code: char *xf86addComment(char *cur, char *add) <...> len = strlen(add); endnewline = add[len - 1] == '\n'; len += 1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen; if ((str = realloc(cur, len + curlen)) == NULL) return cur; cur = str; if (eol_seen || (curlen && !hasnewline)) cur[curlen++] = '\n'; if (!iscomment) cur[curlen++] = '#'; strcpy(cur + curlen, add); if (!endnewline) strcat(cur, "\n"); Signed-off-by: Servaas Vandenberghe <vdb@picaros.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> [whot: added buffer overflow test case] Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> |
||
---|---|---|
.. | ||
dmx | ||
kdrive | ||
vfb | ||
xfree86 | ||
xnest | ||
xquartz | ||
xwin | ||
Makefile.am |