Summary: | Buffer overflow in fbCopyArea() | |
---|---|---|---
Product: | xorg | Reporter: | Sergey Svishchev <svs>
Component: | Server/General | Assignee: | Xorg Project Team <xorg-team>
Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team>
Severity: | normal | |
Priority: | medium | CC: | matthieu.herrb
Version: | 7.3 (2007.09) | Keywords: | patch
Hardware: | All | |
OS: | All | |
See Also: | https://bugs.freedesktop.org/show_bug.cgi?id=32765 | |
Whiteboard: | 2012BRB_Reviewed | |
i915 platform: | | i915 features: |
Bug Depends on: | | |
Bug Blocks: | 44202 | |
Attachments: | | |

Description
Sergey Svishchev
2007-05-24 11:20:17 UTC
Created attachment 10083: proposed fix

7.3 has the same code.

The whole 24_32 code seems so stunningly broken that I'm not sure we can even try to fix this for 1.7. Pushing out to 7.6.

Tagging patch; will triage later.

I really don't see this patch being correct at all. If we ever hit this path there's a much more fundamental assumption being violated elsewhere. I'd be interested to see a better backtrace from this case.

I may still have the hardware that triggered this bug; will try to reproduce sometime later.

This is not apparently affecting too many users, and fixing it would require more code change than I'd feel comfortable with in the stable branch. Moving to the 1.11 tracker.

This can't happen anymore now that 24bpp support is dead.