Bug 11857 - XTrap/xtrapdi.c buffer overflow "by one"
Summary: XTrap/xtrapdi.c buffer overflow "by one"
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: git
Hardware: All All
: low normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords: janitor, patch
Depends on:
Blocks:
 
Reported: 2007-08-06 00:58 UTC by Roland "Test-tools" Bär
Modified: 2008-06-24 11:18 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
> to >= patch for XTrap/xtrapdi.c (650 bytes, patch)
2007-08-06 00:59 UTC, Roland "Test-tools" Bär 		no flags Details | Splinter Review
View All

Description Roland "Test-tools" Bär 2007-08-06 00:58:27 UTC 
In XTrap/xtrapdi.c function XETrapCreateEnv() we need to check here >= instead of >
  if (client->index > MAXCLIENTS)
Otherwise it would overrun the array by one in
- direct following "else if"
- Inside function FakeClientID() called from line 504.

Please apply attached patch
Comment 1 Roland "Test-tools" Bär 2007-08-06 00:59:44 UTC 
Created attachment 11004 [details] [review]
> to >= patch for XTrap/xtrapdi.c
Comment 2 Adam Jackson 2008-06-24 11:18:29 UTC 
Fixed in master and 1.5 branch, thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.