It may be worth noting, for future archaeologists, that this scenario is impossible since the function will never return a value less than 4 in the usage here.
On Fri, Oct 9, 2015 at 4:30 AM Tom Hacohen <[email protected]> wrote: > tasn pushed a commit to branch master. > > > http://git.enlightenment.org/core/enlightenment.git/commit/?id=981e3f8f31606908d4889fa379cdf7d259810a26 > > commit 981e3f8f31606908d4889fa379cdf7d259810a26 > Author: Tom Hacohen <[email protected]> > Date: Fri Oct 9 09:19:51 2015 +0100 > > Client: fix potential out of bounds read. > > This is an unsigned int underflow that could lead to an out > of bounds read. > > CID 1291837 > > @fix > --- > src/bin/e_client.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/src/bin/e_client.c b/src/bin/e_client.c > index f530dcb..1b44518 100644 > --- a/src/bin/e_client.c > +++ b/src/bin/e_client.c > @@ -3257,7 +3257,10 @@ e_client_below_get(const E_Client *ec) > if (e_comp_canvas_client_layer_map(ec->layer) == 9999) return NULL; > > /* go down the layers until we find one */ > - for (x = e_comp_canvas_layer_map(ec->layer) - 1; x >= > e_comp_canvas_layer_map(E_LAYER_CLIENT_DESKTOP); x--) > + x = e_comp_canvas_layer_map(ec->layer); > + if (x > 0) x--; > + > + for (; x >= e_comp_canvas_layer_map(E_LAYER_CLIENT_DESKTOP); x--) > { > if (!e_comp->layers[x].clients) continue; > EINA_INLIST_REVERSE_FOREACH(e_comp->layers[x].clients, ec2) > > --
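Review bot: the `if (x > 0) x--;` guard covers only the initial decrement, while the `x--` in the `for` header can still wrap. The commit message describes `x` as unsigned, so if `e_comp_canvas_layer_map(E_LAYER_CLIENT_DESKTOP)` ever returned 0 the condition `x >= 0` would always hold, `x` would wrap past zero, and `e_comp->layers[x]` would be read out of bounds, which is the same defect the patch sets out to close. Separately, when `x` is 0 on entry the guard skips the decrement and the loop starts at the client's own layer index instead of the one below it; returning NULL early in that case would match the function's intent more clearly. Suggest hoisting the lower bound into a local evaluated once, exiting before the loop when `x` is not above it, and adding a comment that states the range `e_comp_canvas_layer_map()` is expected to return, so the invariant the fix relies on is recorded next to the code.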
