Maybe squash this together with patch 1? On 03/02/2017 01:31 AM, Eric Engestrom wrote:
Otherwise the check would detect that the previous append() resulted in a buffer overflow, which would not even be caught if the last extension in the string is the one that goes over (which is likely).Signed-off-by: Eric Engestrom <e...@engestrom.ch> --- src/egl/main/eglapi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c index d964b4d289..220e53be8c 100644 --- a/src/egl/main/eglapi.c +++ b/src/egl/main/eglapi.c @@ -470,7 +470,8 @@ _eglCreateExtensionsString(_EGLDisplay *dpy) #define _EGL_CHECK_EXTENSION(ext) \ do { \ if (dpy->Extensions.ext) { \ - assert(exts <= dpy->ExtensionsString + _EGL_MAX_EXTENSIONS_LEN); \ + assert(exts + strlen("EGL_" #ext) <= \ + dpy->ExtensionsString + _EGL_MAX_EXTENSIONS_LEN); \ _eglAppendExtension(&exts, "EGL_" #ext); \ } \ } while (0)
_______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
