New commits:
http://git.directfb.org/?p=core/DirectFB.git;a=commit;h=29dd8f3790d6ace7ed534c4d52d0328fa0703ff2
commit 29dd8f3790d6ace7ed534c4d52d0328fa0703ff2
Author: Mike Crowe <[EMAIL PROTECTED]>
Date: Wed Aug 15 00:34:46 2007 +0300
Fix potential SEGV in linux_input
I've managed to provoke a segfault in DirectFB by unplugging a USB
input device.
linux_input_EventThread divides the result of reading from the input
device by sizeof(levt) prior to checking for error. Because the type
of sizeof may be unsigned the int result of read is promoted
to unsigned prior to the division. This means that a read error will
cause readlen to contain a number larger than the size of the array
causing the following loop to exceed its bounds.
This patch defers the division until the value is known to be positive.
README | 1 +
inputdrivers/linux_input/linux_input.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
_______________________________________________
directfb-cvs mailing list
[email protected]
http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-cvs
