vmwgfx: information leak in vmw_execbuf_copy_fence_user()

If ret is non-zero then we don't initialize the struct which leaks stack information to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Dave Airlie <airlied@redhat.com>

vmwgfx: information leak in vmw_execbuf_copy_fence_user()
If ret is non-zero then we don't initialize the struct which leaks stack information to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
80d9b24a · Dan Carpenter · Dave Airlie · 0c5d3703 · 80d9b24a
Commit 80d9b24a authored Oct 18, 2011 by Dan Carpenter Committed by Dave Airlie Oct 18, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +2 -0

No files found.
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -1070,6 +1070,8 @@ vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv,
 	if (user_fence_rep == NULL)
 		return;

+	memset(&fence_rep, 0, sizeof(fence_rep));
+
 	fence_rep.error = ret;
 	if (ret == 0) {
 		BUG_ON(fence == NULL);