Avoid potential read of bad address in CEA block processing

Detail: c/ScrModes - Reorder while loop conditions to ensure the DTD offset is checked before we try reading any data; prevents potential data abort if initial offset is too large to be valid. Admin: Builds, untested Version 0.47. Retagged as 'ScrModes-0_47'

Avoid potential read of bad address in CEA block processing
Detail: c/ScrModes - Reorder while loop conditions to ensure the DTD offset is checked before we try reading any data; prevents potential data abort if initial offset is too large to be valid. Admin: Builds, untested Version 0.47. Retagged as 'ScrModes-0_47'
020db416 · Jeffrey Lee · d4ee2737 · 020db416
Commit 020db416 authored 10 years ago by Jeffrey Lee
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

c/ScrModes c/ScrModes +2 -2

No files found.
--- a/c/ScrModes
+++ b/c/ScrModes
@@ -2516,8 +2516,8 @@ static _kernel_oserror *process_cea_extension_type_3(EDIDExtensionBlockRef ext_b
        return NULL;
    }
-    while ((extdata[dtd_offset] != 0) && (extdata[dtd_offset+1] != 0) &&
+    while ((dtd_offset < (128 - 18)) &&
-           (dtd_offset < (128 - 18)))
+           (extdata[dtd_offset] != 0) && (extdata[dtd_offset+1] != 0))
    {
        ModeDescriptionRef mp;
        mp = (ModeDescriptionRef) malloc (sizeof(ModeDescription));