The assignment of handle in vmw_framebuffer_create_handle doesn't actually do
anything useful and is incorrectly assigning an integer value to a pointer
argument. It appears that this is a typo and should be dereferencing handle
rather than assigning to it directly. This fixes a bug where an undefined
handle value is potentially returned to user-space.
Signed-off-by: Ryan Mallon <rmal...@gmail.com>
Reviewed-by: Jakob Bornecrantz<ja...@vmware.com>
Cc: sta...@vger.kernel.org
---
Thomas and Jakob have said that a correct fix involves returning the correct
user_handle, but also requires changes to userspace. This patch is therefore a
temporary fix only. Because it corrects an undefined handle value being
returned to userspace, this should also be merged for stable kernels.
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 0af6ebd..b66ef0e 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -378,7 +378,7 @@ int vmw_framebuffer_create_handle(struct drm_framebuffer
*fb,
unsigned int *handle)
{
if (handle)
- handle = 0;
+ *handle = 0;
return 0;
}
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
