Module: Mesa
Branch: master
Commit: 41642bdbca007035772fbfdc311f14daa5510d5d
URL:    
http://cgit.freedesktop.org/mesa/mesa/commit/?id=41642bdbca007035772fbfdc311f14daa5510d5d

Author: Kyle Brenneman <kbrenne...@nvidia.com>
Date:   Wed Jun  6 09:08:47 2018 -0600

egl/glvnd: Fix a segfault in eglGetProcAddress.

If FindProcIndex in egldispatchstubs.c is called with a name that's less than
the first entry in the array, it would end up trying to store an index of -1 in
an unsigned integer, wrap around to 2^32, and then crash when it tries to look
that up.

Change FindProcIndex so that it uses bsearch(3) instead of implementing its own
binary search, like the GLX equivalent FindGLXFunction does.

Reviewed-by: Eric Engestrom <eric.engest...@intel.com>

---

 src/egl/main/egldispatchstubs.c | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/src/egl/main/egldispatchstubs.c b/src/egl/main/egldispatchstubs.c
index e02abd7a9e..bfc3195c77 100644
--- a/src/egl/main/egldispatchstubs.c
+++ b/src/egl/main/egldispatchstubs.c
@@ -2,6 +2,7 @@
 #include "g_egldispatchstubs.h"
 
 #include <string.h>
+#include <stdlib.h>
 
 #include "eglcurrent.h"
 
@@ -10,26 +11,21 @@ static const __EGLapiExports *exports;
 const int __EGL_DISPATCH_FUNC_COUNT = __EGL_DISPATCH_COUNT;
 int __EGL_DISPATCH_FUNC_INDICES[__EGL_DISPATCH_COUNT + 1];
 
+static int Compare(const void *l, const void *r)
+{
+    const char *s = *(const char **)r;
+    return strcmp(l, s);
+}
+
 static int FindProcIndex(const char *name)
 {
-    unsigned first = 0;
-    unsigned last = __EGL_DISPATCH_COUNT - 1;
-
-    while (first <= last) {
-        unsigned middle = (first + last) / 2;
-        int comp = strcmp(name,
-                          __EGL_DISPATCH_FUNC_NAMES[middle]);
-
-        if (comp > 0)
-            first = middle + 1;
-        else if (comp < 0)
-            last = middle - 1;
-        else
-            return middle;
-    }
+    const char **match = bsearch(name, __EGL_DISPATCH_FUNC_NAMES,
+            __EGL_DISPATCH_COUNT, sizeof(const char *), Compare);
+
+    if (match == NULL)
+        return __EGL_DISPATCH_COUNT;
 
-    /* Just point to the dummy entry at the end of the respective table */
-    return __EGL_DISPATCH_COUNT;
+    return match - __EGL_DISPATCH_FUNC_NAMES;
 }
 
 void __eglInitDispatchStubs(const __EGLapiExports *exportsTable)
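Review bot: The not-found path in FindProcIndex still returns `__EGL_DISPATCH_COUNT`, but the comment explaining that value was deleted along with the old loop. A reader can no longer tell that this index is valid only because the tables carry one extra trailing slot, as the `__EGL_DISPATCH_COUNT + 1` sizing of `__EGL_DISPATCH_FUNC_INDICES` above shows. I would put `/* Not found: use the dummy entry at the end of the table */` back above that return. Compare also deserves a one-line comment such as `/* bsearch callback: l is the key string itself, r points at a const char * table element */`, because the asymmetric handling of the two arguments is easy to "fix" into a double dereference of the caller-supplied name. The lookup is correct only if `__EGL_DISPATCH_FUNC_NAMES` is sorted in strcmp order, which is presumably guaranteed by the generator but is not visible in this hunk, so it is worth stating next to the bsearch call.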
