From: Stefan Dirsch <sndirsch@suse.de>
Date: Thu, 14 Jul 2016 13:21:20 +0000 (+0200)
Subject: Avoid overflow in 'last' variable of FindGLXFunction(...)
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=27ef7bfd6cd2d960844f4c79d6dddc0bda0b20b0;p=mesa.git

Avoid overflow in 'last' variable of FindGLXFunction(...)

This 'last' variable used in FindGLXFunction(...) may become negative,
but has been defined as unsigned int resulting in an overflow,
finally resulting in a segfault when accessing _glXDispatchTableStrings[...].
Fixed this by definining it as signed int. 'first' variable also needs to be
defined as signed int. Otherwise condition for while loop fails due to C
implicitly converting signed to unsigned values before comparison.

Cc: <mesa-stable@lists.freedesktop.org>
Signed-off-by: Stefan Dirsch <sndirsch@suse.de>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
---

diff --git a/src/glx/glxglvnd.c b/src/glx/glxglvnd.c
index b7252a791ad..962eda8bb5b 100644
--- a/src/glx/glxglvnd.c
+++ b/src/glx/glxglvnd.c
@@ -19,11 +19,11 @@ static void *__glXGLVNDGetProcAddress(const GLubyte *procName)
 
 static unsigned FindGLXFunction(const GLubyte *name)
 {
-    unsigned first = 0;
-    unsigned last = DI_FUNCTION_COUNT - 1;
+    int first = 0;
+    int last = DI_FUNCTION_COUNT - 1;
 
     while (first <= last) {
-        unsigned middle = (first + last) / 2;
+        int middle = (first + last) / 2;
         int comp = strcmp((const char *) name,
                           __glXDispatchTableStrings[middle]);