lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Aug 2006 18:39:40 -0400 From: Dave Jones <davej@...hat.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Linux Kernel <linux-kernel@...r.kernel.org> Subject: Re: use persistent allocation for cursor blinking. On Tue, Aug 01, 2006 at 11:17:40PM +0100, Alan Cox wrote: > If the allocation fails we have allocsize = "somesize" and src = NULL. > The next time we enter the if is false and we fall through and Oops > > Either check src in the if or set allocsize to something impossible (eg > 0) on the error path. Good catch. Signed-off-by: Dave Jones <davej@...hat.com> --- linux-2.6/drivers/video/console/softcursor.c~ 2005-12-28 18:40:08.000000000 -0500 +++ linux-2.6/drivers/video/console/softcursor.c 2005-12-28 18:45:50.000000000 -0500 @@ -23,7 +23,9 @@ int soft_cursor(struct fb_info *info, st unsigned int buf_align = info->pixmap.buf_align - 1; unsigned int i, size, dsize, s_pitch, d_pitch; struct fb_image *image; - u8 *dst, *src; + u8 *dst; + static u8 *src=NULL; + static int allocsize = 0; if (info->state != FBINFO_STATE_RUNNING) return 0; @@ -31,9 +33,17 @@ int soft_cursor(struct fb_info *info, st s_pitch = (cursor->image.width + 7) >> 3; dsize = s_pitch * cursor->image.height; - src = kmalloc(dsize + sizeof(struct fb_image), GFP_ATOMIC); - if (!src) - return -ENOMEM; + if (dsize + sizeof(struct fb_image) != allocsize) { + if (src != NULL) + kfree(src); + allocsize = dsize + sizeof(struct fb_image); + + src = kmalloc(allocsize, GFP_ATOMIC); + if (!src) { + allocsize = 0; + return -ENOMEM; + } + } image = (struct fb_image *) (src + dsize); *image = cursor->image; @@ -61,7 +69,6 @@ int soft_cursor(struct fb_info *info, st fb_pad_aligned_buffer(dst, d_pitch, src, s_pitch, image->height); image->data = dst; info->fbops->fb_imageblit(info, image); - kfree(src); return 0; } -- http://www.codemonkey.org.uk - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists