xfree86: Fix out of array bound access to xf86Entities (!700) · Merge requests · xorg / xserver

Łukasz Spintzyk requested to merge Spintzyk/xserver:fix_crash_in_1187 into master Jun 24, 2021

This is fixing crash reported in #1187 (closed):

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff7880864 in __GI_abort () at abort.c:79
#2  0x00005555557bf9ad in OsAbort () at ../../../../os/utils.c:1351
#3  0x00005555557c9407 in AbortServer () at ../../../../os/log.c:872
#4  0x00005555557c993f in FatalError (f=0x555555804920 "Caught signal %d (%s). Server aborting\n") at ../../../../os/log.c:1010
#5  0x00005555557bba49 in OsSigHandler (signo=11, sip=0x7fffffffdd70, unused=0x7fffffffdc40) at ../../../../os/osinit.c:156
#6  <signal handler called>
#7  0x000055555561a8e8 in xf86SetDepthBpp (scrp=0x5555558e1a40, depth=24, dummy=24, fbbpp=32, depth24flags=22) at ../../../../../../hw/xfree86/common/xf86Helper.c:406
#8  0x00007ffff70ef66a in PreInit (pScrn=0x5555558e1a40, flags=0) at ../../../../../../../hw/xfree86/drivers/modesetting/driver.c:951
#9  0x0000555555610c23 in InitOutput (pScreenInfo=0x555555881c60 <screenInfo>, argc=1, argv=0x7fffffffe4e8) at ../../../../../../hw/xfree86/common/xf86Init.c:570
#10 0x00005555555b5336 in dix_main (argc=1, argv=0x7fffffffe4e8, envp=0x7fffffffe4f8) at ../../../../dix/main.c:193
#11 0x00005555555959e5 in main (argc=1, argv=0x7fffffffe4e8, envp=0x7fffffffe4f8) at ../../../../dix/stubmain.c:34

Happening when using udl device and attached xorg config file: #1187 (comment 969136)

xfree86: Fix out of array bound access to xf86Entities

Merge request reports