| Summary: | missing bounds check in makedepend | ||||||
|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | Dirk <doj> | ||||
| Component: | Build/Monolithic | Assignee: | Xorg Project Team <xorg-team> | ||||
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> | ||||
| Severity: | normal | ||||||
| Priority: | medium | ||||||
| Version: | git | ||||||
| Hardware: | Other | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| i915 platform: | i915 features: | ||||||
| Attachments: |
|
||||||
Thanks for the report & fix! Patch pushed to git master for the next release: https://cgit.freedesktop.org/xorg/util/makedepend/commit/?id=0860822bb2a1bbc6e40758e2e6413181b26b6b04 |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 121688 [details] bounds check of fp pointer assignment when assigning source code files from the command line to the fp pointer, no bounds check is done and if more than MAXFILES file names are specified on the command line, memory will be overridden out of bounds. The attached patch will check those bounds and abort program execution.