Please do not reply to this email: if you want to comment on the bug, go to
the URL shown below and enter yourcomments there.
https://bugs.freedesktop.org/show_bug.cgi?id=2673
Summary: Missing memset lets setversion ioctl corrupt memory.
Product: DRI
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: DRM modules
AssignedTo: dri-devel@lists.sourceforge.net
ReportedBy: [EMAIL PROTECTED]
drm_setversion() calls the driver specific version() function passing a pointer
to a local structure. The driver version function copies data to memory pointed
to by the name, date and desc structure elements if these are not NULL.
Since they are uninitialized and the structure lives on the stack these pointers
point to random addresses.
Bug found in 2.6.11 RC.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
--
_______________________________________________
Dri-devel mailing list
Dri-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dri-devel
