2673 – Missing memset lets setversion ioctl corrupt memory.

Bug 2673 - Missing memset lets setversion ioctl corrupt memory.

Summary: Missing memset lets setversion ioctl corrupt memory.

Status:	RESOLVED FIXED

Alias:	None

Product:	DRI
Classification:	Unclassified
Component:	DRM/other (show other bugs)
Version:	unspecified
Hardware:	x86 (IA32) Linux (All)

Importance:	high critical
Assignee:	Default DRI bug account
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-03-08 02:37 UTC by Egbert Eich
Modified:	2005-05-27 20:41 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments
Fix (782 bytes, patch) 2005-03-08 02:38 UTC, Egbert Eich	no flags	Details \| Splinter Review
View All

Description Egbert Eich 2005-03-08 02:37:48 UTC

drm_setversion() calls the driver specific version() function passing a pointer
to a local structure. The driver version function copies data to  memory pointed
to by the name, date and desc structure elements if these are not NULL.
Since they are uninitialized and the structure lives on the stack these pointers
point to random addresses.
Bug found in 2.6.11 RC.

Comment 1 Egbert Eich 2005-03-08 02:38:40 UTC

Created attachment 2049 [details] [review]
Fix

Comment 2 Eric Anholt 2005-05-28 13:41:03 UTC

Committed on 2005/03/08 by airlied.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.