Index: libdrm-2.4.107/xf86drm.c =================================================================== --- libdrm-2.4.107.orig/xf86drm.c +++ libdrm-2.4.107/xf86drm.c @@ -3359,7 +3359,8 @@ static char *drmGetMinorNameForFD(int fd return strdup(name); #else struct stat sbuf; - char buf[PATH_MAX + 1]; + char *buf = NULL; + int len = 0; const char *dev_name = drmGetDeviceName(type); unsigned int maj, min; int n; @@ -3376,11 +3377,19 @@ static char *drmGetMinorNameForFD(int fd if (!dev_name) return NULL; - n = snprintf(buf, sizeof(buf), dev_name, DRM_DIR_NAME, min); - if (n == -1 || n >= sizeof(buf)) + len = snprintf(NULL, 0, dev_name, DRM_DIR_NAME, min); + if (len < 0) return NULL; + buf = (char *) malloc(len + 1); + if(buf == NULL ) + return NULL; + n = snprintf(buf, len + 1, dev_name, DRM_DIR_NAME, min); + if (n == -1 || n > len) { + free(buf); + return NULL; + } - return strdup(buf); + return buf; #endif } @@ -3946,7 +3955,9 @@ static drmDevicePtr drmDeviceAlloc(unsig ptr += max_node_length; } - memcpy(device->nodes[type], node, max_node_length); + /* This fixes debian bug #975658 and upstream bug #1679430 */ + memcpy(device->nodes[type], node, max_node_length <= strlen(node)+1 ? max_node_length : strlen(node)+1); + *ptrp = ptr; @@ -4326,17 +4337,31 @@ process_device(drmDevicePtr *device, con bool fetch_deviceinfo, uint32_t flags) { struct stat sbuf; - char node[PATH_MAX + 1]; + char *node = NULL; int node_type, subsystem_type; + int len = 0, n, ret = 0; unsigned int maj, min; node_type = drmGetNodeType(d_name); if (node_type < 0) return -1; - snprintf(node, PATH_MAX, "%s/%s", DRM_DIR_NAME, d_name); - if (stat(node, &sbuf)) + len = snprintf(NULL, 0, "%s/%s", DRM_DIR_NAME, d_name); + if (len < 0) + return -1; + node = (char *) malloc(len + 1); + if(node == NULL ) + return NULL; + n = snprintf(node, len + 1, "%s/%s", DRM_DIR_NAME, d_name); + if (n == -1 || n > len) { + free(node); + return -1; + } + + if (stat(node, &sbuf)) { + free(node); return -1; + } maj = major(sbuf.st_rdev); min = minor(sbuf.st_rdev); @@ -4351,18 +4376,27 @@ process_device(drmDevicePtr *device, con switch (subsystem_type) { case DRM_BUS_PCI: case DRM_BUS_VIRTIO: - return drmProcessPciDevice(device, node, node_type, maj, min, + ret = drmProcessPciDevice(device, node, node_type, maj, min, fetch_deviceinfo, flags); + free(node); + return ret; case DRM_BUS_USB: - return drmProcessUsbDevice(device, node, node_type, maj, min, + ret = drmProcessUsbDevice(device, node, node_type, maj, min, fetch_deviceinfo, flags); + free(node); + return ret; case DRM_BUS_PLATFORM: - return drmProcessPlatformDevice(device, node, node_type, maj, min, + ret = drmProcessPlatformDevice(device, node, node_type, maj, min, fetch_deviceinfo, flags); + free(node); + return ret; case DRM_BUS_HOST1X: - return drmProcessHost1xDevice(device, node, node_type, maj, min, + ret = drmProcessHost1xDevice(device, node, node_type, maj, min, fetch_deviceinfo, flags); + free(node); + return ret; default: + free(node); return -1; } } @@ -4689,10 +4723,10 @@ drm_public char *drmGetDeviceNameFromFd2 return drmGetDeviceNameFromFd(fd); #else struct stat sbuf; - char node[PATH_MAX + 1]; + char *node = NULL; const char *dev_name; int node_type; - int maj, min, n; + int maj, min, n, len = 0; if (fstat(fd, &sbuf)) return NULL; @@ -4711,11 +4745,17 @@ drm_public char *drmGetDeviceNameFromFd2 if (!dev_name) return NULL; - n = snprintf(node, PATH_MAX, dev_name, DRM_DIR_NAME, min); - if (n == -1 || n >= PATH_MAX) + len = snprintf(NULL, 0, dev_name, DRM_DIR_NAME, min); + if (len < 0) + return NULL; + node = (char *) malloc(len + 1); + if(node == NULL ) + return NULL; + n = snprintf(node, len + 1, dev_name, DRM_DIR_NAME, min); + if (n == -1 || n > len) return NULL; - return strdup(node); + return node; #endif }