From cb4961f5619d67d10fc611752ad7ccee26f78315 Mon Sep 17 00:00:00 2001
From: Yogish Kulkarni
Date: Wed, 6 Jun 2018 14:50:12 +0530
Subject: [PATCH 1/1] EGL: Fix out of bounds array access

When name passed to FindProcIndex() is not present in array __EGL_DISPATCH_FUNC_NAMES, "last" can become -1. But since it is declared as unsigned "while (first <= last)" check will get pass and __EGL_DISPATCH_FUNC_NAMES[] will be accessed out of the bounds. To avoid this declare first and last as int.
Bugzilla:
---
 src/egl/main/egldispatchstubs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/egl/main/egldispatchstubs.c b/src/egl/main/egldispatchstubs.c
index e02abd7a9e..dd39e25be0 100644
--- a/src/egl/main/egldispatchstubs.c
+++ b/src/egl/main/egldispatchstubs.c
@@ -12,8 +12,8 @@ int __EGL_DISPATCH_FUNC_INDICES[__EGL_DISPATCH_COUNT + 1];
 static int FindProcIndex(const char *name)
 {
- unsigned first = 0;
- unsigned last = __EGL_DISPATCH_COUNT - 1;
+ int first = 0;
+ int last = __EGL_DISPATCH_COUNT - 1;
 while (first <= last) {
 unsigned middle = (first + last) / 2;
--
2.14.1
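Review bot: `middle` is still declared `unsigned` on the unchanged context line inside the loop, while `first` and `last` are now `int`, so the bounds arithmetic mixes signedness. The loop body continues outside this hunk; if it narrows the range with something like `last = middle - 1`, as the commit message implies, then for `middle == 0` the subtraction wraps in unsigned arithmetic and reaches -1 only through an implementation-defined conversion back to `int`. Declaring `int middle = first + (last - first) / 2;` keeps the index computation signed end to end, so the `first <= last` exit no longer depends on that conversion. A one-line comment above the declarations, e.g. `/* signed on purpose: last becomes -1 when name sorts before every entry */`, would keep a later cleanup from turning these back into `unsigned` and reintroducing the out-of-bounds read.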