a1c5cd426c
Coverity complains that the computed sizes can lead to negative lengths passed to memcpy. If that happens we've been handed invalid arguments anyway, so just bomb out. The funky "0%s" is because the size string for the variable-length part of the request is of the form "+ safe_pad() ...", and a unary + would coerce the result to always be positive, defeating the overflow check. Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Matt Turner <mattst88@gmail.com> |
||
|---|---|---|
| .. | ||
| es1api | ||
| es2api | ||
| glapi | ||
| shared-glapi | ||
| .gitignore | ||
| Android.mk | ||
| entry.c | ||
| entry.h | ||
| entry_x86-64_tls.h | ||
| entry_x86_tls.h | ||
| entry_x86_tsd.h | ||
| Makefile.am | ||
| Makefile.sources | ||
| mapi.c | ||
| mapi.h | ||
| mapi_abi.py | ||
| mapi_glapi.c | ||
| mapi_tmp.h | ||
| stub.c | ||
| stub.h | ||
| table.c | ||
| table.h | ||
| u_current.c | ||
| u_current.h | ||
| u_execmem.c | ||
| u_execmem.h | ||