From 4ecd1ef010beadef05f7c63c4546849b2eb5ac15 Mon Sep 17 00:00:00 2001 From: Taro Yamada Date: Tue, 13 Dec 2016 20:18:28 +0900 Subject: [PATCH] xf86drm: fix null termination of string buffer The string written to the buffer by read() is not null-terminated, but currently drmParsePciBusInfo() places null character only at the end of the buffer, not at the end of the string. As a result, the string passed to sscanf() contains an uninitialized value. This patch changes to places null character at the end of the string. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99045 Signed-off-by: Taro Yamada Reviewed-by: Emil Velikov --- configure.ac | 2 +- xf86drm.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index e0597c35..39973b62 100644 --- a/configure.ac +++ b/configure.ac @@ -61,7 +61,7 @@ LT_PREREQ([2.2]) LT_INIT([disable-static]) -PKG_CHECK_MODULES(PTHREADSTUBS, pthread-stubs) + AC_SUBST(PTHREADSTUBS_CFLAGS) AC_SUBST(PTHREADSTUBS_LIBS) diff --git a/xf86drm.c b/xf86drm.c index b8b2cfe5..7b78dc6b 100644 --- a/xf86drm.c +++ b/xf86drm.c @@ -2929,11 +2929,11 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info) if (fd < 0) return -errno; - ret = read(fd, data, sizeof(data)); - data[sizeof(data)-1] = '\0'; + ret = read(fd, data, sizeof(data)-1); close(fd); if (ret < 0) return -errno; + data[ret] = '\0'; #define TAG "PCI_SLOT_NAME=" str = strstr(data, TAG);