|Summary:|hw/xfree86/vbe/vbe.c off-by-one error|
|Product:|xorg|
|Reporter:|Chí-Thanh Christopher Nguyễn <chithanh>|
|Component:|Server/General|
|Assignee:|Adam Jackson <ajax>|
|Status:|RESOLVED FIXED|
|QA Contact:|Xorg Project Team <xorg-team>|
|Priority:|medium|
|CC:|frank.mehnert, robatino, tetromino|
Description Chí-Thanh Christopher Nguyễn 2010-09-13 01:53:15 UTC
Created attachment 38667 xorg-server-1.9-fix-VbeModeInfoBlock-memcpy.patch

Originally reported as https://bugs.gentoo.org/show_bug.cgi?id=337020

GCC since 4.5 produces a warning in hw/xfree86/vbe/vbe.c
---
In file included from /usr/include/string.h:642:0,
                 from vbe.c:16:
In function ‘memcpy’,
    inlined from ‘VBEGetModeInfo’ at vbe.c:589:8:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer
In function ‘memcpy’,
    inlined from ‘VBEGetModeInfo’ at vbe.c:592:8:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer
---
The cause is apparently an off-by-one error in vbe.c memcpy call. Attached patch was submitted in https://bugs.gentoo.org/show_bug.cgi?id=337020#c9 .
Comment 1 Alan Coopersmith 2010-09-13 07:30:43 UTC
xorg-server patches are only applied after they are submitted to the xorg-devel mailing list and reviewed there. Please see the instructions on http://www.x.org/wiki/Development/Documentation/SubmittingPatches
Comment 2 Alexandre Rostovtsev 2010-09-14 08:48:49 UTC
(In reply to comment #1) OK, I've submitted the patch by email: http://lists.x.org/archives/xorg-devel/2010-September/012920.html
Comment 3 Alan Coopersmith 2010-10-03 09:10:02 UTC
*** Bug 30585 has been marked as a duplicate of this bug. ***
Comment 4 Alan Coopersmith 2010-10-03 09:13:02 UTC
Comment on attachment 38667 xorg-server-1.9-fix-VbeModeInfoBlock-memcpy.patch

ajax proposed a revised patch that simplifies the code to solve the problem: http://lists.x.org/archives/xorg-devel/2010-September/013499.html
Comment 5 Frank Mehnert 2010-10-05 00:31:20 UTC
Still not right! VbeModeInfoBlock has a length of 255 bytes not 256.
Comment 6 Frank Mehnert 2010-10-05 01:19:13 UTC
I believe the correct fix is to change the structure definition to define reserved to have a size of 190 not 189 as the VBE spec defines 256 bytes of data.
Comment 7 Jesse Adkins 2010-10-05 16:06:36 UTC
This was fixed in xserver master today. Closing.
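The size mismatch discussed in comments 5 and 6, as an added example that is not code from xserver or from the attached patches: it pins the structure size at compile time and bounds the copy by the destination size. The struct names, `VBE_MODE_INFO_LEN`, `overflow_bytes` and `copy_block` are hypothetical, and the 66-byte `fields` array is a stand-in for the named members (255 - 189 = 66, from the sizes quoted in the thread).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VBE_MODE_INFO_LEN 256   /* block size the VBE spec defines (comment 6) */

/* Stand-in layouts (assumption): the named members are collapsed into one
 * opaque 66-byte array so only the reserved tail differs. */
struct mode_info_short {        /* hypothetical name */
    uint8_t fields[66];
    uint8_t reserved[189];      /* totals 255: one byte short of the block */
};

struct mode_info_full {         /* hypothetical name */
    uint8_t fields[66];
    uint8_t reserved[190];      /* totals 256 */
};

/* Compile-time guard: the build fails if the layout drifts from the spec size. */
_Static_assert(sizeof(struct mode_info_full) == VBE_MODE_INFO_LEN,
               "mode info struct must match the 256-byte VBE block");

/* Number of bytes a fixed-length copy would write past the destination. */
size_t overflow_bytes(size_t dst_size, size_t copy_len)
{
    return copy_len > dst_size ? copy_len - dst_size : 0;
}

/* Bounded copy: returns 0 on success, -1 if the source does not fit. */
int copy_block(void *dst, size_t dst_size, const void *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > dst_size)
        return -1;
    memcpy(dst, src, src_len);
    return 0;
}

int main(void)
{
    uint8_t bios_block[VBE_MODE_INFO_LEN] = {0};    /* constructed sample input */
    struct mode_info_short s;
    struct mode_info_full f;
    printf("short struct: %zu bytes, a 256-byte copy overflows by %zu\n",
           sizeof s, overflow_bytes(sizeof s, sizeof bios_block));
    printf("copy into short: %d\n", copy_block(&s, sizeof s, bios_block, sizeof bios_block));
    printf("copy into full:  %d\n", copy_block(&f, sizeof f, bios_block, sizeof bios_block));
    return 0;
}
```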