| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2007 12:48:09 +0100 From: Mikael Pettersson <mikpe@...uu.se> To: William Lee Irwin III <wli@...omorphy.com> Cc: lenb@...nel.org, linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: acpi ->video_device_list corruption William Lee Irwin III writes: > The ->cap fields of struct acpi_video_device and struct acpi_video_bus > are 1B each, not 4B. The oversized memset()'s corrupted the subsequent > list_head fields. This resulted in silent corruption without > CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass > the proper bounds to the memset() calls and thereby correct the bugs. > > Included as a MIME attachment is a compressed dmesg from an affected > system. The patch was seen to resolve the issue on the affected system. > > vs. 2.6.24-rc5 > > Signed-off-by: William Irwin <wli@...omorphy.com> > > > -- wli > > diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c > index 44a0d9b..7895d57 100644 > --- a/drivers/acpi/video.c > +++ b/drivers/acpi/video.c > @@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device) > struct acpi_video_device_brightness *br = NULL; > > > - memset(&device->cap, 0, 4); > + memset(&device->cap, 0, sizeof(struct acpi_video_device_cap)); IMO the memset(ptr, 0, sizeof(*ptr)) idiom is both safer and avoids having to write an uninteresting type name. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists