From: Kyle Brenneman Date: Wed, 6 Jun 2018 15:08:47 +0000 (-0600) Subject: egl/glvnd: Fix a segfault in eglGetProcAddress. X-Git-Url: https://git.libre-soc.org/?p=mesa.git;a=commitdiff_plain;h=41642bdbca007035772fbfdc311f14daa5510d5d egl/glvnd: Fix a segfault in eglGetProcAddress. If FindProcIndex in egldispatchstubs.c is called with a name that's less than the first entry in the array, it would end up trying to store an index of -1 in an unsigned integer, wrap around to 2^32, and then crash when it tries to look that up. Change FindProcIndex so that it uses bsearch(3) instead of implementing its own binary search, like the GLX equivalent FindGLXFunction does. Reviewed-by: Eric Engestrom --- diff --git a/src/egl/main/egldispatchstubs.c b/src/egl/main/egldispatchstubs.c index e02abd7a9e0..bfc3195c779 100644 --- a/src/egl/main/egldispatchstubs.c +++ b/src/egl/main/egldispatchstubs.c @@ -2,6 +2,7 @@ #include "g_egldispatchstubs.h" #include +#include #include "eglcurrent.h" @@ -10,26 +11,21 @@ static const __EGLapiExports *exports; const int __EGL_DISPATCH_FUNC_COUNT = __EGL_DISPATCH_COUNT; int __EGL_DISPATCH_FUNC_INDICES[__EGL_DISPATCH_COUNT + 1]; +static int Compare(const void *l, const void *r) +{ + const char *s = *(const char **)r; + return strcmp(l, s); +} + static int FindProcIndex(const char *name) { - unsigned first = 0; - unsigned last = __EGL_DISPATCH_COUNT - 1; - - while (first <= last) { - unsigned middle = (first + last) / 2; - int comp = strcmp(name, - __EGL_DISPATCH_FUNC_NAMES[middle]); - - if (comp > 0) - first = middle + 1; - else if (comp < 0) - last = middle - 1; - else - return middle; - } + const char **match = bsearch(name, __EGL_DISPATCH_FUNC_NAMES, + __EGL_DISPATCH_COUNT, sizeof(const char *), Compare); + + if (match == NULL) + return __EGL_DISPATCH_COUNT; - /* Just point to the dummy entry at the end of the respective table */ - return __EGL_DISPATCH_COUNT; + return match - __EGL_DISPATCH_FUNC_NAMES; } void __eglInitDispatchStubs(const __EGLapiExports *exportsTable)