From: Taro Yamada archer_ame@yahoo.co.jp
The string written to the buffer by read() is not null-terminated, but currently drmParsePciBusInfo() places a null character only at the end of the buffer, not at the end of the string. As a result, the string passed to sscanf() contains an uninitialized value.
This patch changes the code to place a null character at the end of the string.
Signed-off-by: Taro Yamada archer_ame@yahoo.co.jp --- xf86drm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xf86drm.c b/xf86drm.c index b5eeeb0..a59cfd0 100644 --- a/xf86drm.c +++ b/xf86drm.c @@ -2925,11 +2925,11 @@ static int drmParsePciBusInfo(int maj, int min, drmPciBusInfoPtr info) if (fd < 0) return -errno;
- ret = read(fd, data, sizeof(data)); - data[sizeof(data)-1] = '\0'; + ret = read(fd, data, sizeof(data)-1); close(fd); if (ret < 0) return -errno; + data[ret] = '\0';
#define TAG "PCI_SLOT_NAME=" str = strstr(data, TAG);
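Review bot: In the drmParsePciBusInfo() hunk, close(fd) still sits between read() and the `if (ret < 0) return -errno;` check, so a failing close() can overwrite the errno that read() set and the function would return the wrong error code. Consider saving errno right after read() (or negating it into ret there) before calling close(fd). The new `data[ret] = '\0';` is correctly placed after the `ret < 0` check and stays in bounds because the read length is now `sizeof(data)-1`; a short comment saying that the last byte is reserved for the terminator would help keep that invariant intact. Note also that a single read() can return fewer bytes than the file holds, in which case the strstr() lookup for TAG runs on a truncated but now properly terminated string.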