Ensure all fields of the struct fb_deferred_io are zeroed out on init, otherwise the fbdefio->first_io function pointer can contain garbage, and fb_deferred_io_mkwrite() will end up jumping to this garbage address.
Signed-off-by: Nickolai Zeldovich nickolai@csail.mit.edu --- drivers/gpu/drm/udl/udl_fb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c index d4ab3be..40503ba 100644 --- a/drivers/gpu/drm/udl/udl_fb.c +++ b/drivers/gpu/drm/udl/udl_fb.c @@ -301,7 +301,7 @@ static int udl_fb_open(struct fb_info *info, int user)
struct fb_deferred_io *fbdefio;
- fbdefio = kmalloc(sizeof(struct fb_deferred_io), GFP_KERNEL); + fbdefio = kzalloc(sizeof(struct fb_deferred_io), GFP_KERNEL);
if (fbdefio) { fbdefio->delay = DL_DEFIO_WRITE_DELAY;
dri-devel@lists.freedesktop.org