subject:"\[PATCH xserver\] Xext\: dynamically allocate the PanoramiXDepths\[j\].vids array"

Re: [PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

2018-07-18 Thread Peter Hutterer

On Tue, Jul 17, 2018 at 10:12:55PM -0700, Keith Packard wrote: > Peter Hutterer writes: > > > Control flow is: > >PanoramiXMaybeAddDepth() allocates an array size 240 (pDepth->numVisuals) > >PanoramiXMaybeAddVisual() finds up to 270 matches (pScreen->numVisuals) > >and writes those

Re: [PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

2018-07-17 Thread Keith Packard

Peter Hutterer writes: > Control flow is: >PanoramiXMaybeAddDepth() allocates an array size 240 (pDepth->numVisuals) >PanoramiXMaybeAddVisual() finds up to 270 matches (pScreen->numVisuals) >and writes those into the previously allocated array. > > This caused invalid reads/writes

[PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

2018-07-17 Thread Peter Hutterer

Control flow is: PanoramiXMaybeAddDepth() allocates an array size 240 (pDepth->numVisuals) PanoramiXMaybeAddVisual() finds up to 270 matches (pScreen->numVisuals) and writes those into the previously allocated array. This caused invalid reads/writes followed by eventually a double-free

Re: [PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

Re: [PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

[PATCH xserver] Xext: dynamically allocate the PanoramiXDepths[j].vids array

3 matches

Site Navigation

Mail list logo

Footer information