[Nouveau] Kernel patch: validate nouveau_channel_get id argument
Michel Hermier
michel.hermier at gmail.com
Fri Dec 24 09:12:40 PST 2010
Hi,
While hacking libdrm I triggered a kernel oups due to a non checked
argument from user land.
In nouveau_ioctl_notifier_alloc, nouveau_channel_get is invoked, but
it doesn't validate the na->channel input argument. The attached patch
validates the channel index, and change it's type to uint32_t since it
is an index after all.
Cheers,
Michel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-channel-nouveau_channel_get-index-type-and-check.patch
Type: application/octet-stream
Size: 2041 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/nouveau/attachments/20101224/cd351770/attachment.obj>
More information about the Nouveau
mailing list