Attached is a patch for DFB 1.4.3 to fix a single DFB application usage model memory corruption defect in fusion_skirmish_init. This occurred previously when it called strcpy due to the name string buffer pointer being incorrectly calculated. This injection was introduced 2010.12.08 as part of git commit 91afed9692ff15ffc7d2b6221aa5cd061ff44fa9.
I discovered it after investigating why our system driver (which is being transitioned to DFB 1.4.3 from 1.2.10) was encountering memory and freeing related errors. It turned out the systems driver used several skirmishes (some with long names such as 32 characters long), and at least one structure had a skirmish with various other pointers stored after it that were corrupted by the skirmish overwriting them when it tried to make a copy of the skirmish name.

Regards,
Timothy

--
Timothy Strelchun
CE Software Engineering
Digital Home Group
Intel Corporation
The views expressed above are my own and not those of Intel
DirectFB-1.4.3_FixSingleAppSkirmish.patch
_______________________________________________ directfb-dev mailing list directfb-dev@directfb.org http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
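The failure mode reported above (a name copy spilling into the pointers stored after a skirmish) can be guarded against with a bounded copy and a regression check on the neighbouring fields. This is an added example, not code from the patch or from DirectFB: every `Demo*`/`demo_*` name, the 16-byte capacity and the structure layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_NAME_MAX 16 /* assumed capacity, not DirectFB's real value */

/* Hypothetical stand-in for a lock object that stores a copy of its name. */
typedef struct {
    int  lock_id;
    char name[DEMO_NAME_MAX];
} DemoSkirmish;

/* Hypothetical driver structure: pointers stored directly after the lock. */
typedef struct {
    DemoSkirmish lock;
    void        *surface;
    void        *palette;
} DemoDriverData;

/* Bounded copy: writes at most sizeof(s->name) bytes and always terminates.
 * Returns 1 if the name had to be truncated, 0 otherwise. An unbounded
 * strcpy(s->name, name) here would run past the field for long names. */
static int demo_skirmish_init(DemoSkirmish *s, const char *name)
{
    size_t len = strlen(name);
    int truncated = len >= sizeof(s->name);

    if (truncated)
        len = sizeof(s->name) - 1;
    memcpy(s->name, name, len);
    s->name[len] = '\0';
    s->lock_id = 1;
    return truncated;
}

/* Regression check: initialise the lock and confirm that the members stored
 * after it still hold their original values. Returns 1 if they are intact. */
static int demo_neighbours_intact(const char *name)
{
    static int a, b; /* constructed targets for the neighbouring pointers */
    DemoDriverData d;

    d.surface = &a;
    d.palette = &b;
    demo_skirmish_init(&d.lock, name);
    return d.surface == (void *)&a && d.palette == (void *)&b
        && strlen(d.lock.name) < sizeof(d.lock.name);
}

int main(void)
{
    /* Constructed 32-character name, the length mentioned in the report. */
    return demo_neighbours_intact("0123456789abcdef0123456789abcdef") ? 0 : 1;
}
```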