820d9040f5

The patch below fixes a potential buffer overflow in xf86addComment().
This occurs if curlen > 0 && eol_seen == 0 && iscomment == 0, as follows from the code:

```c
char *xf86addComment(char *cur, char *add)
<...>
    len = strlen(add);
    endnewline = add[len - 1] == '\n';
    len += 1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen;

    if ((str = realloc(cur, len + curlen)) == NULL)
        return cur;

    cur = str;

    if (eol_seen || (curlen && !hasnewline))
        cur[curlen++] = '\n';
    if (!iscomment)
        cur[curlen++] = '#';
    strcpy(cur + curlen, add);
    if (!endnewline)
        strcat(cur, "\n");
```

Signed-off-by: Servaas Vandenberghe <vdb@picaros.org>

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

[whot: added buffer overflow test case]

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

- Configint.h
- configProcs.h
- Device.c
- DRI.c
- Extensions.c
- Files.c
- Flags.c
- Input.c
- InputClass.c
- Layout.c
- Makefile.am
- Module.c
- Monitor.c
- Pointer.c
- read.c
- scan.c
- Screen.c
- Vendor.c
- Video.c
- write.c
- xf86Optrec.h
- xf86Parser.h
- xf86tokens.h