Re: acpi ->video_device_list corruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



William Lee Irwin III writes:
 > The ->cap fields of struct acpi_video_device and struct acpi_video_bus
 > are 1B each, not 4B. The oversized memset()'s corrupted the subsequent
 > list_head fields. This resulted in silent corruption without
 > CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass
 > the proper bounds to the memset() calls and thereby correct the bugs.
 > 
 > Included as a MIME attachment is a compressed dmesg from an affected
 > system. The patch was seen to resolve the issue on the affected system.
 > 
 > vs. 2.6.24-rc5
 > 
 > Signed-off-by: William Irwin <[email protected]>
 > 
 > 
 > -- wli
 > 
 > diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
 > index 44a0d9b..7895d57 100644
 > --- a/drivers/acpi/video.c
 > +++ b/drivers/acpi/video.c
 > @@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device)
 >  	struct acpi_video_device_brightness *br = NULL;
 >  
 >  
 > -	memset(&device->cap, 0, 4);
 > +	memset(&device->cap, 0, sizeof(struct acpi_video_device_cap));

IMO the memset(ptr, 0, sizeof(*ptr)) idiom is both safer
and avoids having to write an uninteresting type name.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux