Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.
Agreed. Just was not quite sure if Mathias is working on the libdrm project directly or not based on the comments in the bugzilla "hopefully the fix can be pushed to master soon".
Regards, Jammy
-----Original Message----- From: Christian König [mailto:deathsimple@vodafone.de] Sent: Monday, August 24, 2015 3:52 PM To: Zhou, Jammy; dri-devel@lists.freedesktop.org; master.homer@gmail.com Subject: Re: [PATCH] drm: fix the usage after free
On 24.08.2015 05:56, Jammy Zhou wrote:
From: Mathias Tillman master.homer@gmail.com
For readdir_r(), the next directory entry is returned in caller-allocted buffer (pointered by pent here).
https://bugs.freedesktop.org/show_bug.cgi?id=91704
Signed-off-by: Jammy Zhou Jammy.Zhou@amd.com
Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.
Anyway the patch is clearly a nice catch and Reviewed-by: Christian König christian.koenig@amd.com
Regards, Christian.
xf86drm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xf86drm.c b/xf86drm.c index 5e02969..a7cc643 100644 --- a/xf86drm.c +++ b/xf86drm.c @@ -2803,11 +2803,12 @@ static char *drmGetMinorNameForFD(int fd, int type)
while (readdir_r(sysdir, pent, &ent) == 0 && ent != NULL) { if (strncmp(ent->d_name, name, len) == 0) {
snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",ent->d_name);free(pent); closedir(sysdir);
snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",ent->d_name); return strdup(dev_name);