[Intel-gfx] [PATCH 2/3] libdrm: fix more potential security issues

[tim.gore at intel.com]

From: Tim Gore <tim.gore at intel.com>

A static analysis of libdrm source code has identified several
potential bugs. This commit addresses the critical issues in
xf86drmHash.c, which are all potential null pointer dereferences.
NOTE: I have kept to the indenting style already used in this file,
which is a mixture of spaces and tabs.

Signed-off-by: Tim Gore <tim.gore at intel.com>
---
 xf86drmHash.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/xf86drmHash.c b/xf86drmHash.c
index 82cbc2a..7e6ba44 100644
--- a/xf86drmHash.c
+++ b/xf86drmHash.c
@@ -91,6 +91,7 @@
 #define HASH_RANDOM_INIT(seed)  srandom(seed)
 #define HASH_RANDOM             random()
 #define HASH_RANDOM_DESTROY
+#define HASH_RANDOM_OK          (1)
 #else
 #define HASH_ALLOC drmMalloc
 #define HASH_FREE  drmFree
@@ -98,6 +99,7 @@
 #define HASH_RANDOM_INIT(seed)  state = drmRandomCreate(seed)
 #define HASH_RANDOM             drmRandom(state)
 #define HASH_RANDOM_DESTROY     drmRandomDestroy(state)
+#define HASH_RANDOM_OK          (state != NULL)
 
 #endif
 
@@ -137,8 +139,14 @@ static unsigned long HashHash(unsigned long key)
     if (!init) {
 	HASH_RANDOM_DECL;
 	HASH_RANDOM_INIT(37);
-	for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
-	HASH_RANDOM_DESTROY;
+	if (HASH_RANDOM_OK) {
+	    for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
+	    HASH_RANDOM_DESTROY;
+	} else {
+	    /* if we failed to allocate our random number state, fall back on random() */
+	    srandom(37);
+	    for (i = 0; i < 256; i++) scatter[i] = random();
+	}
 	++init;
     }
 
-- 
1.9.2