summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGert Wollny <[email protected]>2018-02-28 14:50:21 +0100
committerMarek Olšák <[email protected]>2018-03-05 11:38:28 -0500
commit9a0d7bb48c93e7d0109751469a8b32c94e85bc24 (patch)
tree6ff3e08e184f7c2495c9b395a7b25da9cd72fac6
parentb98c905a463a1915fd15861ad2d0af180ad605ac (diff)
gallium/aux/hud: Avoid possible buffer overflow
Limit the length of acceptable cpu names for use in hud_get_num_cpufreq in order to avoid a buffer overflow later in add_object when this name is copied into cpufreq_info::name. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274 Signed-off-by: Gert Wollny <[email protected]> Signed-off-by: Marek Olšák <[email protected]>
-rw-r--r--src/gallium/auxiliary/hud/hud_cpufreq.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c
index 78a660795c4..d3cf2019c38 100644
--- a/src/gallium/auxiliary/hud/hud_cpufreq.c
+++ b/src/gallium/auxiliary/hud/hud_cpufreq.c
@@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp)
while ((dp = readdir(dir)) != NULL) {
- /* Avoid 'lo' and '..' and '.' */
- if (strlen(dp->d_name) <= 2)
+ size_t d_name_len = strlen(dp->d_name);
+
+ /* Avoid 'lo' and '..' and '.', and avoid overlong names that
+ * would result in a buffer overflow in add_object.
+ */
+ if (d_name_len <= 2 || d_name_len > 15)
continue;
if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1)