From 8daf6de3deddef8f71f8b1af61b12cd8cb783433 Mon Sep 17 00:00:00 2001 From: Thomas Hindoe Paaboel Andersen Date: Sun, 15 Jan 2017 00:28:54 +0100 Subject: [PATCH] gallium/hud: avoid buffer overrun MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Renaming data sources was added in e8bb97ce30051b999a4a69c9b27884daeb8d71e6 It was possible to use a new name longer than the name array in hud_graph of 128. This patch truncates the name to fit the array. CC: Marek Olšák Signed-off-by: Marek Olšák --- src/gallium/auxiliary/hud/hud_context.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/gallium/auxiliary/hud/hud_context.c b/src/gallium/auxiliary/hud/hud_context.c index fd9a7bc2fcb..a635797328d 100644 --- a/src/gallium/auxiliary/hud/hud_context.c +++ b/src/gallium/auxiliary/hud/hud_context.c @@ -1275,8 +1275,10 @@ hud_parse_env_var(struct hud_context *hud, const char *env) strip_hyphens(s); if (!LIST_IS_EMPTY(&pane->graph_list)) { - strcpy(LIST_ENTRY(struct hud_graph, - pane->graph_list.prev, head)->name, s); + struct hud_graph *graph; + graph = LIST_ENTRY(struct hud_graph, pane->graph_list.prev, head); + strncpy(graph->name, s, sizeof(graph->name)-1); + graph->name[sizeof(graph->name)-1] = 0; } } -- 2.30.2