Bug 2673 - Missing memset lets setversion ioctl corrupt memory.
Missing memset lets setversion ioctl corrupt memory.
Product: DRI
Classification: Unclassified
Component: DRM/other
x86 (IA32) Linux (All)
: high critical
Assigned To: Default DRI bug account
Depends on:
  Show dependency treegraph
Reported: 2005-03-08 02:37 UTC by Egbert Eich
Modified: 2005-05-27 20:41 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Fix (782 bytes, patch)
2005-03-08 02:38 UTC, Egbert Eich
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Egbert Eich 2005-03-08 02:37:48 UTC
drm_setversion() calls the driver specific version() function passing a pointer
to a local structure. The driver version function copies data to  memory pointed
to by the name, date and desc structure elements if these are not NULL.
Since they are uninitialized and the structure lives on the stack these pointers
point to random addresses.
Bug found in 2.6.11 RC.
Comment 1 Egbert Eich 2005-03-08 02:38:40 UTC
Created attachment 2049 [details] [review]
Comment 2 Eric Anholt 2005-05-28 13:41:03 UTC
Committed on 2005/03/08 by airlied.