| Summary: | Out of bounds array access in FindProcIndex | ||
|---|---|---|---|
| Product: | Mesa | Reporter: | Yogish Kulkarni <yogishk> |
| Component: | EGL | Assignee: | mesa-dev |
| Status: | RESOLVED FIXED | QA Contact: | mesa-dev |
| Severity: | major | ||
| Priority: | medium | CC: | kyle.brenneman |
| Version: | git | ||
| Hardware: | All | ||
| OS: | Linux (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | Fix out of bounds array access in FindProcIndex | ||
|
Description
Yogish Kulkarni
2018-06-06 10:07:22 UTC
I think this bug can be closed once patch in https://lists.freedesktop.org/archives/mesa-dev/2018-June/196937.html gets submitted. pushed: commit 41642bdbca007035772fbfdc311f14daa5510d5d Author: Kyle Brenneman <kbrenneman@nvidia.com> Date: Wed Jun 6 09:08:47 2018 -0600 egl/glvnd: Fix a segfault in eglGetProcAddress. If FindProcIndex in egldispatchstubs.c is called with a name that's less than the first entry in the array, it would end up trying to store an index of -1 in an unsigned integer, wrap around to 2^32, and then crash when it tries to look that up. Change FindProcIndex so that it uses bsearch(3) instead of implementing its own binary search, like the GLX equivalent FindGLXFunction does. Reviewed-by: Eric Engestrom <eric.engestrom@intel.com> |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.