vmwgfx: information leak in vmw_execbuf_copy_fence_user() · 80d9b24a65 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

vmwgfx: information leak in vmw_execbuf_copy_fence_user()

If ret is non-zero then we don't initialize the struct which leaks
stack information to user space.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

This commit is contained in:

Dan Carpenter

2011-10-18 09:10:12 +03:00

• committed by

Dave Airlie

parent 0c5d37033b

commit 80d9b24a65

1 changed files with 2 additions and 0 deletions

									
										2

drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
									
										View file
										
				@ -1070,6 +1070,8 @@ vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv,

					if (user_fence_rep == NULL)

						return;

					memset(&fence_rep, 0, sizeof(fence_rep));

					fence_rep.error = ret;

					if (ret == 0) {

						BUG_ON(fence == NULL);