When the dev2screen is sized to xf86NumDrivers in DoConfigure(), subsequent code may attempt to write past the end of the array.
Size the dev2screen array to nDevToConfig instead. Signed-off-by: Jeff Smith <whydo...@gmail.com> --- hw/xfree86/common/xf86Configure.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/xfree86/common/xf86Configure.c b/hw/xfree86/common/xf86Configure.c index 72efa2700..4026e3b5b 100644 --- a/hw/xfree86/common/xf86Configure.c +++ b/hw/xfree86/common/xf86Configure.c @@ -703,7 +703,7 @@ DoConfigure(void) xf86DoConfigurePass1 = FALSE; - dev2screen = xnfcalloc(xf86NumDrivers, sizeof(int)); + dev2screen = xnfcalloc(nDevToConfig, sizeof(int)); { Bool *driverProbed = xnfcalloc(xf86NumDrivers, sizeof(Bool)); -- 2.14.3 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel