Created attachment 38667 [details] [review] xorg-server-1.9-fix-VbeModeInfoBlock-memcpy.patch Originally reported as https://bugs.gentoo.org/show_bug.cgi?id=337020 GCC since 4.5 produces a warning in hw/xfree86/vbe/vbe.c --- In file included from /usr/include/string.h:642:0, from vbe.c:16: In function ‘memcpy’, inlined from ‘VBEGetModeInfo’ at vbe.c:589:8: /usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer In function ‘memcpy’, inlined from ‘VBEGetModeInfo’ at vbe.c:592:8: /usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer --- The cause is apparently an off-by-one error in vbe.c memcpy call. Attached patch was submitted in https://bugs.gentoo.org/show_bug.cgi?id=337020#c9 .
xorg-server patches are only applied after they are submitted to the xorg-devel mailing list and reviewed there. Please see the instructions on http://www.x.org/wiki/Development/Documentation/SubmittingPatches
(In reply to comment #1) OK, I've submitted the patch by email: http://lists.x.org/archives/xorg-devel/2010-September/012920.html
*** Bug 30585 has been marked as a duplicate of this bug. ***
Comment on attachment 38667 [details] [review] xorg-server-1.9-fix-VbeModeInfoBlock-memcpy.patch ajax proposed a revised patch that simplifies the code to solve the problem: http://lists.x.org/archives/xorg-devel/2010-September/013499.html
Still not right! VbeModeInfoBlock has a length of 255 bytes not 256.
I believe the correct fix is to change the structure definition to define reserved to have a size of 190 not 189 as the VBE spec defines 256 bytes of data.
This was fixed in xserver master today. Closing.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.