diff options
author | Gert Wollny <[email protected]> | 2018-02-28 14:50:21 +0100 |
---|---|---|
committer | Marek Olšák <[email protected]> | 2018-03-05 11:38:28 -0500 |
commit | 9a0d7bb48c93e7d0109751469a8b32c94e85bc24 (patch) | |
tree | 6ff3e08e184f7c2495c9b395a7b25da9cd72fac6 | |
parent | b98c905a463a1915fd15861ad2d0af180ad605ac (diff) |
gallium/aux/hud: Avoid possible buffer overflow
Limit the length of acceptable cpu names for use in hud_get_num_cpufreq
in order to avoid a buffer overflow later in add_object when this name
is copied into cpufreq_info::name.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105274
Signed-off-by: Gert Wollny <[email protected]>
Signed-off-by: Marek Olšák <[email protected]>
-rw-r--r-- | src/gallium/auxiliary/hud/hud_cpufreq.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/gallium/auxiliary/hud/hud_cpufreq.c b/src/gallium/auxiliary/hud/hud_cpufreq.c index 78a660795c4..d3cf2019c38 100644 --- a/src/gallium/auxiliary/hud/hud_cpufreq.c +++ b/src/gallium/auxiliary/hud/hud_cpufreq.c @@ -207,8 +207,12 @@ hud_get_num_cpufreq(bool displayhelp) while ((dp = readdir(dir)) != NULL) { - /* Avoid 'lo' and '..' and '.' */ - if (strlen(dp->d_name) <= 2) + size_t d_name_len = strlen(dp->d_name); + + /* Avoid 'lo' and '..' and '.', and avoid overlong names that + * would result in a buffer overflow in add_object. + */ + if (d_name_len <= 2 || d_name_len > 15) continue; if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1) |