vmwgfx: information leak in vmw_execbuf_copy_fence_user()
If ret is non-zero then we don't initialize the struct which leaks stack information to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
parent
0c5d37033b
commit
80d9b24a65
1 changed files with 2 additions and 0 deletions
|
@ -1070,6 +1070,8 @@ vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv,
|
|||
if (user_fence_rep == NULL)
|
||||
return;
|
||||
|
||||
memset(&fence_rep, 0, sizeof(fence_rep));
|
||||
|
||||
fence_rep.error = ret;
|
||||
if (ret == 0) {
|
||||
BUG_ON(fence == NULL);
|
||||
|
|
Loading…
Add table
Reference in a new issue