Bug 94099 - missing bounds check in makedepend
Summary: missing bounds check in makedepend
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Build/Monolithic (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-11 18:48 UTC by Dirk
Modified: 2018-03-24 07:50 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
bounds check of fp pointer assignment (388 bytes, text/plain)
2016-02-11 18:48 UTC, Dirk 		no flags Details
View All

Description Dirk 2016-02-11 18:48:13 UTC 
Created attachment 121688 [details]
bounds check of fp pointer assignment

when assigning source code files from the command line to the fp pointer, no bounds check is done and if more than MAXFILES file names are specified on the command line, memory will be overridden out of bounds. The attached patch will check those bounds and abort program execution.
Comment 1 Alan Coopersmith 2018-03-24 07:50:48 UTC 
Thanks for the report & fix!

Patch pushed to git master for the next release:
https://cgit.freedesktop.org/xorg/util/makedepend/commit/?id=0860822bb2a1bbc6e40758e2e6413181b26b6b04

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.