Menu
▾
▴
[Dri-devel] Re: [vendor-sec] Minimal fix for the R128 drivers
|
From: Alan C. <al...@lx...> - 2004-02-14 01:14:42
|
On Gwe, 2004-02-13 at 11:31, Thomas Biege wrote: > Hi, > one of our developers mentioned that depth->n can be negative. > > I didn't checked the whole code but even if depth->n is unsigned, > count is signed and can be negative by using a depth->n > INT_MAX. > > Is this a real problem or do we just hunt ghosts here? I can't see how to exploit it offhand but its certainly soemthing that wants a better fix rolling into the next updates. I'm embarrassed I missed something so obvious |