On Tue, May 24, 2016 at 12:45 PM, Adam Jackson <[email protected]> wrote: > Coverity complains that the computed sizes can lead to negative lengths > passed to memcpy. If that happens we've been handed invalid arguments > anyway, so just bomb out. > > The funky "0%s" is because the size string for the variable-length part > of the request is of the form "+ safe_pad() ...", and a unary + would > coerce the result to always be positive, defeating the overflow check. > > Signed-off-by: Adam Jackson <[email protected]>
Sorry for the delay, & thanks for the patch. Reviewed-by: Matt Turner <[email protected]> _______________________________________________ mesa-dev mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/mesa-dev
