[PATCH] Wrong bo handles can be referenced in func call, drmModeAddFB2 due to uninitialized array elements in handles[4]

Kristian Høgsberg hoegsberg at gmail.com
Tue Apr 29 13:24:31 PDT 2014


On Mon, Apr 28, 2014 at 03:26:18PM -0700, Dongwon Kim wrote:
> Need all bo handles in the array, handles[4], to be initialized with an integer value that
> indicates "NOT VALID handle" to prevent any of those uninitialized from being processed as
> "VALID" handles.

The format code determines which bo handles are used.  For non-planar formats
only the first handle is used and the rest can be uninitialized.

Kristian

> If any of these incorrect handles are passed to the kernel, it either returns an error saying
> "invalid bo from userspace" if the handle doesn't exist or returns the wrong resource if it
> exists but is not for the current task.
> 
> Signed-off-by: Dongwon Kim <dongwon.kim at intel.com>
> ---
>  src/compositor-drm.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/compositor-drm.c b/src/compositor-drm.c
> index 9d293bc..6aa405d 100644
> --- a/src/compositor-drm.c
> +++ b/src/compositor-drm.c
> @@ -328,7 +328,8 @@ drm_fb_get_from_bo(struct gbm_bo *bo,
>  {
>  	struct drm_fb *fb = gbm_bo_get_user_data(bo);
>  	uint32_t width, height;
> -	uint32_t handles[4], pitches[4], offsets[4];
> +	uint32_t handles[4] = {0};
> +	uint32_t pitches[4], offsets[4];
>  	int ret;
>  
>  	if (fb)
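
Review bot: pitches[4] and offsets[4] on the second added line are still left uninitialized while only handles[4] gets `= {0}`. If those two arrays are handed to the kernel in the same call as handles, their unused entries carry stack contents as well, so zero all three in one declaration, for example `uint32_t handles[4] = {0}, pitches[4] = {0}, offsets[4] = {0};`. A one-line comment stating that 0 is the value meant by "NOT VALID handle" in the commit message would also document why the initializer is there.
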
> -- 
> 1.7.9.5
> 

