Felix Kühling wrote:
On Thu, 12 Dec 2002 22:26:23 +0000
Keith Whitwell <[EMAIL PROTECTED]> wrote:


Felix Kühling wrote:

Hi,

while I was messing around with my query programme I found this: if I
specify an invalid screen as argument to XF86DRIGetClientDriverName the
Xserver segfaults. I had a quick look at xc/xc/Xserver/GL/dri/xf86dri.c.
stuff->screen is used as array index without checking. I'm not sure
though, where would be the right place to fix it.

Other functions in xf86dri.c must be affected, too. They use
stuff->screen in the same way.
Those functions should validate any information they receive over the wire, as soon as is feasible.

The problem is that the request records are all different. So we can't
check stuff->screen in ProcXF86DRIDispatch. We have to do it in each
request separately.

The attached patch does just that. While I grepped around to see how
other extensions check this I found one more potential problem in
programs/Xserver/GL/glx/glxcmds.c and two suspicious casts of screen
from unsigned to int (screen is always unsigned in the request records).
They are fixed in the attached patch as well.

Committed.

Keith.
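
The per-request bounds check discussed in this thread, and the unsigned-to-int cast pitfall Felix mentions, as an added example that is not part of the original messages or the committed patch. The type and function names, the two-entry screen table and the driver names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the server's data; all names are hypothetical. */
#define NUM_SCREENS 2
enum { REQ_SUCCESS = 0, REQ_BAD_VALUE = 2 };  /* same values as X11 Success/BadValue */

typedef struct { const char *driver_name; } screen_rec;
typedef struct { uint32_t screen; } driver_name_req;  /* field arrives over the wire */

static const screen_rec screens[NUM_SCREENS] = { { "radeon" }, { "mga" } };
static const int num_screens = NUM_SCREENS;

/* Flawed check: casting the unsigned wire value to int turns 0xFFFFFFFF into
 * -1 on two's-complement platforms, so "screen < num_screens" accepts it. */
int signed_check_accepts(uint32_t wire_screen)
{
    int screen = (int)wire_screen;
    return screen < num_screens;
}

/* Correct check: compare as unsigned, in the handler, before any indexing. */
int handle_get_driver_name(const driver_name_req *req, const char **name_out)
{
    if (req->screen >= (uint32_t)num_screens)
        return REQ_BAD_VALUE;
    *name_out = screens[req->screen].driver_name;
    return REQ_SUCCESS;
}

/* Convenience wrapper: status the handler returns for a given wire value. */
int lookup_status(uint32_t wire_screen)
{
    driver_name_req req = { wire_screen };
    const char *name = NULL;
    return handle_get_driver_name(&req, &name);
}

int main(void)
{
    const uint32_t samples[] = { 0u, 1u, 2u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("screen=%u signed_check_accepts=%d status=%d\n",
               (unsigned)samples[i], signed_check_accepts(samples[i]),
               lookup_status(samples[i]));
    return 0;
}
```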



_______________________________________________
Dri-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/dri-devel