Index: xc/ChangeLog =================================================================== RCS file: /cvs/xorg/xc/ChangeLog,v retrieving revision 1.603 diff -u -2 -0 -r1.603 ChangeLog --- xc/ChangeLog 13 Dec 2004 03:42:32 -0000 1.603 +++ xc/ChangeLog 13 Dec 2004 04:01:32 -0000 @@ -1,21 +1,29 @@ 2004-12-12 Roland Mainz + * xc/util/memleak/getretmips.c + Bugzilla #758 (https://bugs.freedesktop.org/show_bug.cgi?id=758) + attachment #375 (https://bugs.freedesktop.org/attachment.cgi?id=375): + Fix a buffer overrun which may happen when the size of the stack buffer + is exactly the same as the actual stack size. + Patch by Stephen Kennedy . + +2004-12-12 Roland Mainz * xc/programs/Xserver/Xext/saver.c Bugzilla #1695 (https://bugs.freedesktop.org/show_bug.cgi?id=1695) attachment #1230 (https://bugs.freedesktop.org/attachment.cgi?id=1230): Fix crash in Xscreensaver code which allowed any authentificated X client to crash the Xserver using |XScreenSaverUnsetAttributes()|. Patch by ajax@nwnk.net 2004-12-12 Roland Mainz * xc/programs/Xserver/hw/xfree86/common/xf86Xinput.c Bugzilla #1688 (https://bugs.freedesktop.org/show_bug.cgi?id=1688) attachment #1530 (https://bugs.freedesktop.org/attachment.cgi?id=1530): Fix the current implementation to make it possible to slow down the mouse pointer or use arbitrary fractions (without running into rounding error issues). The change is using the same method of preserving rounding errors that the exponential method is already using. Patch by Jan Brunner . 2004-12-12 Kristian Høgsberg Index: xc/util/memleak/getretmips.c =================================================================== RCS file: /cvs/xorg/xc/util/memleak/getretmips.c,v retrieving revision 1.1.1.1 diff -u -2 -0 -r1.1.1.1 getretmips.c --- xc/util/memleak/getretmips.c 14 Nov 2003 16:49:24 -0000 1.1.1.1 +++ xc/util/memleak/getretmips.c 13 Dec 2004 04:01:51 -0000 
@@ -167,29 +167,32 @@
 const_upper = 0;
 found_const_lower = TRUE;
 }
 else if (inst == RETURN)
 ra_limit = ra + 2;
 ra++;
 }
 if (sp_adjust == 0 && (found_const_upper || found_const_lower))
 sp_adjust = (const_upper << 16) | const_lower;
 rc->raOffset = ra_offset;
 rc->spAdjust = sp_adjust;
 }
 /* if something went wrong, punt */
 if (rc->spAdjust <= 0)
 {
 *results++ = 0;
 break;
 }
 ra = (unsigned long *) sp[rc->raOffset>>2];
 sp += rc->spAdjust >> 2;
- *results++ = ((unsigned long) ra) - 8;
 if (ra[-2] == mainCall)
 {
 *results++ = 0;
 break;
 }
+ else
+ {
+ *results++ = ((unsigned long) ra) - 8;
+ }
 max--;
 }
 }
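Review bot: The one-store-per-pass invariant that this fix relies on is not stated anywhere in the loop, so a later edit could reintroduce the double write into `results` on the `mainCall` pass. I would add a comment above `if (ra[-2] == mainCall)`, for example `/* exactly one store per pass: the 0 terminator or the return address, never both; max counts slots */`. Two things should be confirmed outside the hunk, since the loop header and the start of the function are not shown. If `max` runs out before `mainCall` is seen, no terminating 0 appears to be written, so callers should not scan for one. The frame whose return address matched `mainCall` is also now dropped from the trace, where the old code recorded it before the terminator.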