Created attachment 143633
[PATCH libdrm] xf86drm: Fix segmentation fault while parsing device info

Since commit ee798b98479709acdd8d1492689dc93c1a62f239 (xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info) I encounter a segfault at line 3632:

    *compatible[i] = tmp_name;

Libdrm segfaults as soon as i>0.

This was encountered on armhf platform (Allwinner A10) with kernel 5.0 including drm-misc-next and the lima driver (https://gitlab.freedesktop.org/lima/linux/commits/lima-drm-misc-next-20190309) and the lima mesa branch (https://gitlab.freedesktop.org/lima/mesa) while running glmark2-es2-drm and kmscube.

You can see the original issue including backtrace and strace reported here: https://gitlab.freedesktop.org/lima/mesa/issues/80#note_129271

The attached patch fixes it.
Thanks! Your fix is correct, although partial: the same bug appears again in the free() a couple lines below. I've added it as part of your patch and pushed it:

commit 4735ca71af9f741e2438104d543dc3c5a8107f35
Author: Andreas Baierl <ichgeh@imkreisrum.de>
Date:   Mon Mar 11 16:04:08 2019 +0100

    xf86drm: Fix segmentation fault while parsing device info

    This fixes a bug, which was introduced with commit ee798b98
    "xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info".
    where accessing *compatible[i] with i>0 results in a segfault.

    Signed-off-by: Andreas Baierl <ichgeh@imkreisrum.de>
    Fixes: ee798b98479709acdd8d "xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info"
    Reviewed-by: Eric Engestrom <eric.engestrom@intel.com>
    [Eric: add the same fix to the free() below]
    Signed-off-by: Eric Engestrom <eric.engestrom@intel.com>
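The indexing mistake discussed in this thread, as an added example that is not part of the report or of the libdrm source: in C, `[]` binds tighter than unary `*`, so `*compatible[i]` means `*(compatible[i])`, not `(*compatible)[i]`. The sketch assumes `compatible` is a `char ***` out-parameter and, so that the stray writes stay inside valid memory and can be observed, places constructed neighbouring arrays (`decoy1`, `decoy2`) after the real one; when the caller passes the address of a single `char **`, no such neighbours exist and any access with i>0 is out of bounds.

```c
#include <stdio.h>

#define COUNT 3 /* constructed: number of "compatible" strings */

/* Constructed sample strings standing in for the parsed device names. */
static const char *names[COUNT] = { "vendor,gpu-a", "vendor,gpu-b", "vendor,gpu-c" };

/* Buggy indexing: parsed as *(compatible[i]), so each iteration steps to
 * the NEXT char** object after the out-parameter and writes its element 0. */
static void fill_buggy(char ***compatible)
{
    for (int i = 0; i < COUNT; i++)
        *compatible[i] = (char *)names[i];
}

/* Intended indexing: dereference the out-parameter first, then index. */
static void fill_fixed(char ***compatible)
{
    for (int i = 0; i < COUNT; i++)
        (*compatible)[i] = (char *)names[i];
}

/* Runs one variant. Returns how many entries of the real array were set and
 * stores in *decoys_hit how many neighbouring arrays were written instead. */
static int run(void (*fill)(char ***), int *decoys_hit)
{
    char *real[COUNT] = {0}, *decoy1[COUNT] = {0}, *decoy2[COUNT] = {0};
    char **slots[COUNT] = { real, decoy1, decoy2 }; /* slots[0] is the out-parameter target */
    int set = 0;

    fill(&slots[0]);
    for (int i = 0; i < COUNT; i++)
        set += real[i] != NULL;
    *decoys_hit = (decoy1[0] != NULL) + (decoy2[0] != NULL);
    return set;
}

int main(void)
{
    int hit;
    int set = run(fill_buggy, &hit);
    printf("buggy: %d/%d entries set, %d neighbouring objects written\n", set, COUNT, hit);
    set = run(fill_fixed, &hit);
    printf("fixed: %d/%d entries set, %d neighbouring objects written\n", set, COUNT, hit);
    return 0;
}
```

The same precedence rule applies to reads, which is why a `free()` written with the same expression needs the same parenthesization.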