Bug 2673 - Missing memset lets setversion ioctl corrupt memory.
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/other
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: high critical
Assignee: Default DRI bug account
QA Contact:
Depends on:
Reported: 2005-03-08 02:37 UTC by Egbert Eich
Modified: 2005-05-27 20:41 UTC

Fix (782 bytes, patch)
2005-03-08 02:38 UTC, Egbert Eich

Description Egbert Eich 2005-03-08 02:37:48 UTC
drm_setversion() calls the driver-specific version() function, passing a pointer
to a local structure. The driver version function copies data to memory pointed
to by the name, date and desc structure elements if these are not NULL.
Since they are uninitialized and the structure lives on the stack, these pointers
point to random addresses.
Bug found in 2.6.11 RC.
Comment 1 Egbert Eich 2005-03-08 02:38:40 UTC
Created attachment 2049
Comment 2 Eric Anholt 2005-05-28 13:41:03 UTC
Committed on 2005/03/08 by airlied.
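
The pattern from the description, as an added example that is not part of the original report or the DRM source: a callback writes through every non-NULL pointer in a caller's stack structure, and zeroing the structure first stops the stray write. Only the name, date and desc members come from the report; `ver_info`, `driver_version`, `setversion_model` and the buffer contents are hypothetical, and leftover stack contents are simulated with a constructed struct so the program stays well defined.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the version structure (hypothetical layout). */
struct ver_info {
    int major, minor;
    char *name, *date, *desc;
};

/* Hypothetical driver callback: writes through each pointer that is not
 * NULL, as the report describes. */
static void driver_version(struct ver_info *v)
{
    v->major = 1;
    v->minor = 2;
    if (v->name) strcpy(v->name, "drv");
    if (v->date) strcpy(v->date, "20050308");
    if (v->desc) strcpy(v->desc, "demo");
}

/* Constructed "unrelated" memory that a stale pointer happens to reference. */
static char victim[16];

/* Models the caller. Reading a truly uninitialized local is undefined
 * behaviour, so leftover stack contents are simulated by copying `stale`
 * into the local. With do_memset set, the struct is zeroed first.
 * Returns 1 if the unrelated memory was overwritten, 0 if not. */
int setversion_model(int do_memset)
{
    struct ver_info stale = { 0, 0, victim, NULL, NULL };
    struct ver_info local;

    memcpy(victim, "UNTOUCHED", 10);
    memcpy(&local, &stale, sizeof local);   /* simulated stack garbage */
    if (do_memset)
        memset(&local, 0, sizeof local);    /* the missing initialization */
    driver_version(&local);
    return strcmp(victim, "UNTOUCHED") != 0;
}

int main(void)
{
    printf("without memset: victim overwritten = %d\n", setversion_model(0));
    printf("with memset:    victim overwritten = %d\n", setversion_model(1));
    return 0;
}
```

The memset relies on all-bits-zero being the NULL pointer representation, which holds on the platforms Linux supports.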
