Buffer overflow in gallium/auxiliary/hud/hud_cpufreq.c
Submitted by ves..@..il.com
Assigned to mes..@..op.org
Link to original bug (#105274)
Description
It is possible to overflow cpufreq_info::name and cpufreq_info::sysfs_filename inside add_object function. It require to somehow(ex. inside chroot) create custom directory inside /sys/devices/system/cpu/
named like cpu0`<custom_data_here>`` and it will pass:
if (sscanf(dp->d_name, "cpu%d\n", &cpu_index) != 1)
continue;
inside hud_get_num_cpufreq function.