* [PATCH 18/18] radeonfb: Fix static array overrun
@ 2006-03-11 1:53 Antonino A. Daplas
0 siblings, 0 replies; only message in thread
From: Antonino A. Daplas @ 2006-03-11 1:53 UTC (permalink / raw)
To: Andrew Morton; +Cc: Linux Fbdev development list, Benjamin Herrenschmidt
radeonfb_parse_monitor_layout() will produce an array overrun if passed
with a substring of length higher than 4 (ie, "XXXXX,YYYYYY").
Coverity Bug 494
Signed-off-by: Antonino Daplas <adaplas@pol.net>
---
drivers/video/aty/radeon_monitor.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/drivers/video/aty/radeon_monitor.c b/drivers/video/aty/radeon_monitor.c
index 7f9838d..98c05bc 100644
--- a/drivers/video/aty/radeon_monitor.c
+++ b/drivers/video/aty/radeon_monitor.c
@@ -396,6 +396,10 @@ static int __devinit radeon_parse_monito
s1[i] = *s;
i++;
}
+
+ if (i > 4)
+ i = 4;
+
} while (*s++);
if (second)
s2[i] = 0;
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2006-03-11 3:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-11 1:53 [PATCH 18/18] radeonfb: Fix static array overrun Antonino A. Daplas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).