https://bugs.freedesktop.org/show_bug.cgi?id=106836
Bug ID: 106836
Summary: Out of bounds array access in FindProcIndex
Product: Mesa
Version: git
Hardware: All
OS: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: EGL
Assignee: mesa-dev@lists.freedesktop.org
Reporter: yogi...@nvidia.com
QA Contact: mesa-dev@lists.freedesktop.org
Created attachment 140049
--> https://bugs.freedesktop.org/attachment.cgi?id=140049&action=edit
Fix out of bounds array access in FindProcIndex
When name passed to FindProcIndex() is not present in array
__EGL_DISPATCH_FUNC_NAMES, "last" can become -1. But since it is declared as
unsigned "while (first <= last)" check will get pass and
_EGL_DISPATCH_FUNC_NAMES[] will be accessed out of the bounds.
When application try to look egl* API using eglGetProcAddress(), glvnd will try
to set dispatch index by calling __eglSetDispatchIndex()for each vendor. When
mesa's __eglSetDispatchIndex() is called and if egl API is not present in
__EGL_DISPATCH_FUNC_NAMES, application will crash.
--
You are receiving this mail because:
You are the assignee for the bug.
You are the QA Contact for the bug._______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
