Hello, On Tue, 7 Jul 2015 14:46:27 +0000 (UTC) chris...@astron.com (Christos Zoulas) wrote:
> In article <20150707005552.d4a8...@cvs.netbsd.org>, > Michael Lorenz <source-changes-d@NetBSD.org> wrote: > >-=-=-=-=-=- > > > >Modified files: > > > >Index: xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c > >diff -u xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9 > >xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.10 > >--- xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c:1.9 Wed Mar > >19 23:56:47 2014 > >+++ xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c Tue Jul 7 > >00:55:52 2015 > >@@ -1625,6 +1625,8 @@ static int R128ValidateFPModes(ScrnInfoP > > pScrn->display->modes[0] = xnfalloc(16); > > sprintf(pScrn->display->modes[0], "%dx%d", > > info->PanelXRes, info->PanelYRes); > >+ /* don't forget to NULL terminate */ > >+ pScrn->display->modes[1] = NULL; > > Pick up a magic number 16, and then use sprintf instead of snprintf -> > Welcome to the wonderful world of buffer overflow... I didn't even look at that, I bet lots more Xorg drivers are full of stuff like that. have fun Michael