[PATCH xserver 2/3] xfree86: Allocate sufficienct space for dev2screen array

Jeff Smith Sun, 04 Feb 2018 21:19:25 -0800

When the dev2screen is sized to xf86NumDrivers in DoConfigure(),
subsequent code may attempt to write past the end of the array.


Size the dev2screen array to nDevToConfig instead.

Signed-off-by: Jeff Smith <whydo...@gmail.com>
---
 hw/xfree86/common/xf86Configure.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xfree86/common/xf86Configure.c 
b/hw/xfree86/common/xf86Configure.c
index 72efa2700..4026e3b5b 100644
--- a/hw/xfree86/common/xf86Configure.c
+++ b/hw/xfree86/common/xf86Configure.c
@@ -703,7 +703,7 @@ DoConfigure(void)
 
     xf86DoConfigurePass1 = FALSE;
 
-    dev2screen = xnfcalloc(xf86NumDrivers, sizeof(int));
+    dev2screen = xnfcalloc(nDevToConfig, sizeof(int));
 
     {
         Bool *driverProbed = xnfcalloc(xf86NumDrivers, sizeof(Bool));
-- 
2.14.3

_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel

[PATCH xserver 2/3] xfree86: Allocate sufficienct space for dev2screen array

Reply via email to