On Fri, Apr 25, 2014 at 10:22 AM, Denis Oliver Kropp <d...@directfb.org> wrote:
> On 03/27/14 00:41, Frédéric Basse wrote:
>>
>> * CWE-787: Out-of-bounds Write
>> 'count' can exceed 'dst' buffer size.
>> =>
>> http://git.directfb.org/?p=core/DirectFB.git;a=blob;f=proxy/dispatcher/idirectfbsurface_dispatcher.c;h=6e99cbba8a8430869b318936ed63a80f44b83201;hb=HEAD#l1676
>> =>
>> http://git.directfb.org/?p=core/DirectFB.git;a=blob;f=proxy/dispatcher/idirectfbsurface_dispatcher.c;h=6e99cbba8a8430869b318936ed63a80f44b83201;hb=HEAD#l1626
>
> Does it mean that 'count' has to be checked against 'num', as done for 'out'?
Yes, but this may be a bit more complex, like: count+out < num

>
> --
> Denis Oliver Kropp
> CEO
> DirectFB integrated media GmbH
> _______________________________________________
> directfb-dev mailing list
> directfb-dev@directfb.org
> http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
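
An added example, not part of the original thread and not DirectFB's code: a combined check of the kind discussed above, assuming 'dst' holds 'num' elements, 'out' is the index where writing starts, and 'count' elements are about to be stored. The helper names are hypothetical, and whether the real boundary is `<` or `<=` depends on the dispatcher code, which is not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not a DirectFB function).
 * Returns 1 when elements out .. out+count-1 all lie inside a buffer
 * of num elements. The test is written as a subtraction because the
 * sum out + count can wrap around in fixed-width arithmetic and then
 * compare as "small" against num. */
static int range_fits(size_t out, size_t count, size_t num)
{
    if (out > num)
        return 0;
    return count <= num - out;
}

/* Hypothetical wrapper: stores count elements at dst[out..] only when
 * the whole range fits. Returns 0 on success, -1 when rejected. */
static int checked_store(uint32_t *dst, size_t num, size_t out,
                         const uint32_t *src, size_t count)
{
    if (dst == NULL || src == NULL || !range_fits(out, count, num))
        return -1;
    /* count <= num here, so count * sizeof *src cannot overflow for a
     * buffer that really holds num elements. */
    memcpy(dst + out, src, count * sizeof *src);
    return 0;
}

int main(void)
{
    /* Constructed sample data. */
    uint32_t dst[4] = { 0 };
    const uint32_t src[4] = { 1, 2, 3, 4 };

    printf("fits exactly:   %d\n", checked_store(dst, 4, 0, src, 4));
    printf("one too many:   %d\n", checked_store(dst, 4, 2, src, 3));
    printf("wrapping count: %d\n", range_fits(1, SIZE_MAX, 4));
    return 0;
}
```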