| Summary: | [Patch] Heap buffer overflow in setup_plane in SDL_kmsdrmvideo.c | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Mathieu Eyraud <meyraud705> |
| Component: | video | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | ||
| Priority: | P2 | CC: | redwindwanderer |
| Version: | 2.0.13 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Attachments: | Fix size argument of calloc | ||
Thanks! Patch merged! Hadn't noticed this... How did you notice something so subtle? Nice find, really. Like most bug I reported here, it was found by clang-tidy. If you want more info on how I run clang-tidy then check this comment: https://bugzilla.libsdl.org/show_bug.cgi?id=4841#c4 Be aware that the patch that improve clang-tidy result is not compatible with the script that generate dynapi. |
Created attachment 4462 [details] Fix size argument of calloc Memory allocation for variable 'plane' in function 'setup_plane' uses size of a pointer instead of size of the structure. This result in an overflow when writing to the variable. 3 other allocations have an incorrect size parameter, but does not result in overflow.