Hi, attached is a patch that fixes a crash on startup that I got using the accelerated X11 driver. The code here accesses a string that is owned by the OpenGL context after having destroyed the context. It also passes this string as a format string to snprintf(). That's potentially dangerous as that string might contain printf-like format sequences.
Sven
>From 13406f589072f65236517de585c96e17db067806 Mon Sep 17 00:00:00 2001 From: Sven Neumann <s.neum...@phase-zero.de> Date: Tue, 10 Mar 2009 18:15:57 +0100 Subject: [PATCH] don't use the renderer string after destroying the GL context don't pass unknown strings as format string to snprintf --- gfxdrivers/gl/gl_gfxdriver.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gfxdrivers/gl/gl_gfxdriver.c b/gfxdrivers/gl/gl_gfxdriver.c index b9f04e8..34479d4 100644 --- a/gfxdrivers/gl/gl_gfxdriver.c +++ b/gfxdrivers/gl/gl_gfxdriver.c @@ -155,12 +155,12 @@ driver_init_device( CoreGraphicsDevice *device, renderer = (const char*) glGetString( GL_RENDERER ); glXMakeCurrent( display, None, NULL ); - glXDestroyContext( display, context ); - /* fill device info */ snprintf( device_info->vendor, DFB_GRAPHICS_DEVICE_INFO_VENDOR_LENGTH, "OpenGL Acceleration -" ); - snprintf( device_info->name, DFB_GRAPHICS_DEVICE_INFO_NAME_LENGTH, renderer ?: "Unknown" ); + snprintf( device_info->name, DFB_GRAPHICS_DEVICE_INFO_NAME_LENGTH, "%s", renderer ?: "Unknown" ); + + glXDestroyContext( display, context ); /* device limitations */ device_info->limits.surface_byteoffset_alignment = 8; -- 1.6.2
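Review bot: the renderer string is still read after `glXMakeCurrent( display, None, NULL );`, so the hunk only moves the read from after context destruction to after the context has been unbound. The pointer returned by glGetString() is owned by the GL implementation and nothing guarantees it stays readable once no context is current; copy the string while the context is current, i.e. move the two snprintf() calls above `glXMakeCurrent( display, None, NULL );` (or move that call down next to the relocated `glXDestroyContext( display, context );`). The switch to `"%s"` with the renderer as an argument is right: a renderer string containing `%` sequences would otherwise be interpreted by snprintf(), and the `?:` GNU extension, while already used on the original line, could be replaced with an explicit `renderer ? renderer : "Unknown"` for portability.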
_______________________________________________ directfb-dev mailing list directfb-dev@directfb.org http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
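The two hazards in the original line, the format-string misuse and the lifetime of the string owned by the context, as an added C example that is not part of the patch or of DirectFB. The FakeContext type, ctx_* functions, NAME_LENGTH and fill_name_* names are stand-ins for the GLX context, glGetString() and DFB_GRAPHICS_DEVICE_INFO_NAME_LENGTH; the renderer strings are constructed inputs. The unsafe variant goes through a va_list wrapper only so that it compiles under -Werror=format-security; the original call was a direct snprintf() with the renderer as the format.

```c
/* Added example, not DirectFB code. Shows why a renderer string must be
 * data, never the format, and why it must be copied before the context
 * that owns it goes away. All names below are hypothetical stand-ins. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LENGTH 32   /* assumed stand-in for DFB_GRAPHICS_DEVICE_INFO_NAME_LENGTH */

/* Minimal stand-in for a GL context that owns its renderer string. */
typedef struct {
    char *renderer;
} FakeContext;

static FakeContext *ctx_create(const char *renderer_name) {
    FakeContext *ctx = malloc(sizeof *ctx);
    ctx->renderer = malloc(strlen(renderer_name) + 1);
    strcpy(ctx->renderer, renderer_name);       /* owned by the context */
    return ctx;
}

/* Like glGetString(GL_RENDERER): returns a pointer owned by the context. */
static const char *ctx_get_renderer(const FakeContext *ctx) {
    return ctx->renderer;
}

static void ctx_destroy(FakeContext *ctx) {
    free(ctx->renderer);                        /* renderer pointer now dangles */
    free(ctx);
}

/* Plain variadic wrapper around vsnprintf(); it exists only so the unsafe
 * call below is not rejected by -Werror=format-security. */
static int format_into(char *out, size_t out_len, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return r;
}

/* The original pattern: the renderer string itself is the format string.
 * Every '%' in it is interpreted. "%%" merely collapses to "%", but "%s"
 * or "%n" would read or write through variadic arguments that do not exist. */
static int fill_name_unsafe(char *out, size_t out_len, const char *renderer) {
    return format_into(out, out_len, renderer ? renderer : "Unknown");
}

/* The patched pattern: a constant format, the renderer string is data. */
static int fill_name_safe(char *out, size_t out_len, const char *renderer) {
    return snprintf(out, out_len, "%s", renderer ? renderer : "Unknown");
}

/* Copies the name while the context is still alive, then destroys it.
 * Returns 1 if snprintf() had to truncate the name, 0 otherwise. */
static int describe_and_destroy(FakeContext *ctx, char *name, size_t name_len) {
    const char *renderer = ctx_get_renderer(ctx);
    int needed = fill_name_safe(name, name_len, renderer);  /* copy first */
    ctx_destroy(ctx);                                       /* destroy after */
    return needed >= (int)name_len;
}

int main(void) {
    char unsafe_buf[NAME_LENGTH], safe_buf[NAME_LENGTH], name[NAME_LENGTH];
    const char *renderer = "Mesa 100%% software";          /* constructed input */

    fill_name_unsafe(unsafe_buf, sizeof unsafe_buf, renderer);
    fill_name_safe(safe_buf, sizeof safe_buf, renderer);
    printf("unsafe: \"%s\"\nsafe:   \"%s\"\n", unsafe_buf, safe_buf);

    int truncated = describe_and_destroy(
        ctx_create("Gallium 0.3 on llvmpipe (LLVM 0x209)"), name, sizeof name);
    printf("name:   \"%s\" (truncated=%d)\n", name, truncated);
    return 0;
}
```

The safe variant never loses characters of the input, and snprintf() with a bounded length always NUL-terminates the destination, so the only thing the caller has to check for is truncation, which the return value reports.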