[PATCH] drm: fix the usage after free
Zhou, Jammy
Jammy.Zhou at amd.com
Mon Aug 24 00:59:23 PDT 2015
> Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.
Agreed. Just was not quite sure if Mathias is working on the libdrm project directly or not based on the comments in the bugzilla "hopefully the fix can be pushed to master soon".
Regards,
Jammy
-----Original Message-----
From: Christian König [mailto:deathsimple at vodafone.de]
Sent: Monday, August 24, 2015 3:52 PM
To: Zhou, Jammy; dri-devel at lists.freedesktop.org; master.homer at gmail.com
Subject: Re: [PATCH] drm: fix the usage after free
On 24.08.2015 05:56, Jammy Zhou wrote:
> From: Mathias Tillman <master.homer at gmail.com>
>
> For readdir_r(), the next directory entry is returned in
> caller-allocted buffer (pointered by pent here).
>
> https://bugs.freedesktop.org/show_bug.cgi?id=91704
>
> Signed-off-by: Jammy Zhou <Jammy.Zhou at amd.com>
Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.
Anyway the patch is clearly a nice catch and Reviewed-by: Christian König <christian.koenig at amd.com>
Regards,
Christian.
> ---
> xf86drm.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/xf86drm.c b/xf86drm.c
> index 5e02969..a7cc643 100644
> --- a/xf86drm.c
> +++ b/xf86drm.c
> @@ -2803,11 +2803,12 @@ static char *drmGetMinorNameForFD(int fd, int
> type)
>
> while (readdir_r(sysdir, pent, &ent) == 0 && ent != NULL) {
> if (strncmp(ent->d_name, name, len) == 0) {
> + snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",
> + ent->d_name);
> +
> free(pent);
> closedir(sysdir);
>
> - snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",
> - ent->d_name);
> return strdup(dev_name);
> }
> }
More information about the dri-devel
mailing list