Avoid overflow in 'last' variable of FindGLXFunction(...)

This 'last' variable used in FindGLXFunction(...) may become negative,
but has been defined as unsigned int resulting in an overflow,
finally resulting in a segfault when accessing _glXDispatchTableStrings[...].
Fixed this by definining it as signed int. 'first' variable also needs to be
defined as signed int. Otherwise condition for while loop fails due to C
implicitly converting signed to unsigned values before comparison.

Cc: <mesa-stable@lists.freedesktop.org>
Signed-off-by: Stefan Dirsch <sndirsch@suse.de>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>

diff --git a/src/glx/glxglvnd.c b/src/glx/glxglvnd.c
index b7252a791ad5822ca15c6d3e240628de90eeaa9a..962eda8bb5b2e8d16274a663c3bfc1fb45151773 100644 (file)
--- a/src/glx/glxglvnd.c
+++ b/src/glx/glxglvnd.c
@@ -19,11 +19,11 @@ static void *__glXGLVNDGetProcAddress(const GLubyte *procName)
 
 static unsigned FindGLXFunction(const GLubyte *name)
 {
-    unsigned first = 0;
-    unsigned last = DI_FUNCTION_COUNT - 1;
+    int first = 0;
+    int last = DI_FUNCTION_COUNT - 1;
 
     while (first <= last) {
-        unsigned middle = (first + last) / 2;
+        int middle = (first + last) / 2;
         int comp = strcmp((const char *) name,
                           __glXDispatchTableStrings[middle]);