[patch] vmwgfx: information leak in vmw_execbuf_copy_fence_user()
Thomas Hellstrom
thellstrom at vmware.com
Mon Oct 17 23:38:22 PDT 2011
On 10/18/2011 08:10 AM, Dan Carpenter wrote:
> If ret is non-zero then we don't initialize the struct which leaks
> stack information to user space.
>
> Signed-off-by: Dan Carpenter<dan.carpenter at oracle.com>
>
Reviewed-by: Thomas Hellstrom <thellstrom at vmware.com>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
> index d4a1d8b..28e1c35 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
> @@ -1070,6 +1070,8 @@ vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv,
> if (user_fence_rep == NULL)
> return;
>
> + memset(&fence_rep, 0, sizeof(fence_rep));
> +
> fence_rep.error = ret;
> if (ret == 0) {
> BUG_ON(fence == NULL);
>
More information about the dri-devel
mailing list