From b058098fdcc5d4ed9b81fdb17f64820c0360ad48 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Mon, 8 Mar 2021 00:21:02 +0100 Subject: m + style fix + check memory allocation overflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- fake-quartz-cg.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'fake-quartz-cg.c') diff --git a/fake-quartz-cg.c b/fake-quartz-cg.c index b0cc574..999609b 100644 --- a/fake-quartz-cg.c +++ b/fake-quartz-cg.c @@ -6,7 +6,8 @@ * It should by no means be used, without additional modification, as a * part of a compatibility layer. The purpose of this file is only to make * it possible to test for logical errors in Max OS X specific code on - * a GNU/Linux system under X. */ + * a Linux system under X. + */ @@ -217,7 +218,7 @@ CGGetOnlineDisplayList(uint32_t max_size, CGDirectDisplayID *restrict displays_o } /* Get the number of CRTC:s */ - crtc_count = (uint32_t)(res_reply->num_crtcs); + crtc_count = (uint32_t)res_reply->num_crtcs; /* Get the CRTC ID:s */ crtcs = xcb_randr_get_screen_resources_current_crtcs(res_reply); @@ -227,8 +228,13 @@ CGGetOnlineDisplayList(uint32_t max_size, CGDirectDisplayID *restrict displays_o * `CGDisplayRestoreColorSyncSettings` which restore the * all gamma ramps on the system to the system settnigs. */ + if (crtc_count > SIZE_MAX / sizeof(*original_ramps) / 256 / 3) { + errno = ENOMEM; + goto original_ramps_malloc_fail; + } original_ramps = malloc(crtc_count * 3 * 256 * sizeof(*original_ramps)); if (!original_ramps) { + original_ramps_malloc_fail: perror("malloc"); xcb_disconnect(connection); crtc_count = 0; -- cgit v1.2.3-70-g09d2