> Would be more convenient if Mathias would add his Signed-off-by as well and > send out the patch, cause he is the original author.
Agreed. Just was not quite sure if Mathias is working on the libdrm project directly or not based on the comments in the bugzilla "hopefully the fix can be pushed to master soon". Regards, Jammy -----Original Message----- From: Christian König [mailto:deathsim...@vodafone.de] Sent: Monday, August 24, 2015 3:52 PM To: Zhou, Jammy; dri-devel at lists.freedesktop.org; master.homer at gmail.com Subject: Re: [PATCH] drm: fix the usage after free On 24.08.2015 05:56, Jammy Zhou wrote: > From: Mathias Tillman <master.homer at gmail.com> > > For readdir_r(), the next directory entry is returned in > caller-allocted buffer (pointered by pent here). > > https://bugs.freedesktop.org/show_bug.cgi?id=91704 > > Signed-off-by: Jammy Zhou <Jammy.Zhou at amd.com> Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author. Anyway the patch is clearly a nice catch and Reviewed-by: Christian König <christian.koenig at amd.com> Regards, Christian. > --- > xf86drm.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/xf86drm.c b/xf86drm.c > index 5e02969..a7cc643 100644 > --- a/xf86drm.c > +++ b/xf86drm.c > @@ -2803,11 +2803,12 @@ static char *drmGetMinorNameForFD(int fd, int > type) > > while (readdir_r(sysdir, pent, &ent) == 0 && ent != NULL) { > if (strncmp(ent->d_name, name, len) == 0) { > + snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s", > + ent->d_name); > + > free(pent); > closedir(sysdir); > > - snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s", > - ent->d_name); > return strdup(dev_name); > } > }
