Module: Mesa Branch: master Commit: 9a0d7bb48c93e7d0109751469a8b32c94e85bc24 URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=9a0d7bb48c93e7d0109751469a8b32c94e85bc24
Author: Gert Wollny <[email protected]> Date: Wed Feb 28 14:50:21 2018 +0100 gallium/aux/hud: Avoid possible buffer overflow Limit the length of acceptable cpu names for use in hud_get_num_cpufreq in order to avoid a buffer overflow later in add_object when this name is copied into cpufreq_info::name. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274 Signed-off-by: Gert Wollny <[email protected]> Signed-off-by: Marek Olšák <[email protected]> --- src/gallium/auxiliary/hud/hud_cpufreq.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c index 78a660795c..d3cf2019c3 100644 --- a/src/gallium/auxiliary/hud/hud_cpufreq.c +++ b/src/gallium/auxiliary/hud/hud_cpufreq.c @@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp) while ((dp = readdir(dir)) != NULL) { - /* Avoid 'lo' and '..' and '.' */ - if (strlen(dp->d_name) <= 2) + size_t d_name_len = strlen(dp->d_name); + + /* Avoid 'lo' and '..' and '.', and avoid overlong names that + * would result in a buffer overflow in add_object. + */ + if (d_name_len <= 2 || d_name_len > 15) continue; if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1) _______________________________________________ mesa-commit mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/mesa-commit
