From aa78b29ebad710d743747bb9b9755b6eea9ed4d2 Mon Sep 17 00:00:00 2001
From: Eric Engestrom <eric.engestrom@intel.com>
Date: Thu, 16 Aug 2018 15:31:55 +0100
Subject: [PATCH] egl: check for buffer overflow *before* corrupting our memory

Signed-off-by: Eric Engestrom <eric.engestrom@intel.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
---
 src/egl/main/eglapi.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
index 19fae12f5b7..5e5048c4d69 100644
--- a/src/egl/main/eglapi.c
+++ b/src/egl/main/eglapi.c
@@ -538,19 +538,30 @@ _eglCreateExtensionsString(_EGLDisplay *dpy)
 static void
 _eglCreateAPIsString(_EGLDisplay *dpy)
 {
+#define addstr(str) \
+   { \
+      const size_t old_len = strlen(dpy->ClientAPIsString); \
+      const size_t add_len = sizeof(str); \
+      const size_t max_len = sizeof(dpy->ClientAPIsString) - 1; \
+      if (old_len + add_len <= max_len) \
+         strcat(dpy->ClientAPIsString, str " "); \
+      else \
+         assert(!"dpy->ClientAPIsString is not large enough"); \
+   }
+
    if (dpy->ClientAPIs & EGL_OPENGL_BIT)
-      strcat(dpy->ClientAPIsString, "OpenGL ");
+      addstr("OpenGL");
 
    if (dpy->ClientAPIs & EGL_OPENGL_ES_BIT ||
        dpy->ClientAPIs & EGL_OPENGL_ES2_BIT ||
        dpy->ClientAPIs & EGL_OPENGL_ES3_BIT_KHR) {
-      strcat(dpy->ClientAPIsString, "OpenGL_ES ");
+      addstr("OpenGL_ES");
    }
 
    if (dpy->ClientAPIs & EGL_OPENVG_BIT)
-      strcat(dpy->ClientAPIsString, "OpenVG ");
+      addstr("OpenVG");
 
-   assert(strlen(dpy->ClientAPIsString) < sizeof(dpy->ClientAPIsString));
+#undef addstr
 }
 
 static void
-- 
2.30.2