Bug 2673 - Missing memset lets setversion ioctl corrupt memory.
Summary: Missing memset lets setversion ioctl corrupt memory.
Status: RESOLVED FIXED
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/other (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high critical
Assignee: Default DRI bug account
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-08 02:37 UTC by Egbert Eich
Modified: 2005-05-27 20:41 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments
Fix (782 bytes, patch)
2005-03-08 02:38 UTC, Egbert Eich
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Egbert Eich 2005-03-08 02:37:48 UTC
drm_setversion() calls the driver specific version() function passing a pointer
to a local structure. The driver version function copies data to  memory pointed
to by the name, date and desc structure elements if these are not NULL.
Since they are uninitialized and the structure lives on the stack these pointers
point to random addresses.
Bug found in 2.6.11 RC.
Comment 1 Egbert Eich 2005-03-08 02:38:40 UTC
Created attachment 2049 [details] [review]
Fix
Comment 2 Eric Anholt 2005-05-28 13:41:03 UTC
Committed on 2005/03/08 by airlied.


bug/show.html.tmpl processed on Sep 26, 2016 at 15:43:47.
(provided by the Example extension).