We are reading at most sizeof(data) bytes, but then data may not contain
a terminating '\0', at least in theory, so strstr() may overflow the
stack allocated array.
Make sure that data always contains at least one '\0'.
Signed-off-by: Damien Lespiau <damien.lespiau@xxxxxxxxx>
---
xf86drm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xf86drm.c b/xf86drm.c
index 7e28b4f..5f587d9 100644
--- a/xf86drm.c
+++ b/xf86drm.c
@@ -2863,7 +2863,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info)
{
#ifdef __linux__
char path[PATH_MAX + 1];
- char data[128];
+ char data[128 + 1];
char *str;
int domain, bus, dev, func;
int fd, ret;
@@ -2874,6 +2874,7 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info)
return -errno;
ret = read(fd, data, sizeof(data));
+ data[128] = '\0';
close(fd);
if (ret < 0)
return -errno;
--
2.4.3
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
