From: Rob Clark <r...@ti.com> If an older userspace passes in a smaller arg than the current kernel ioctl arg struct, then extra fields should be initialized to zero rather than passing random data to the DRM driver.
Signed-off-by: Rob Clark <rob at ti.com> --- A potential issue that Daniel Vetter spotted. It isn't currently an issue, but I thought it would be better to fix now than forget about it and have problems later. drivers/gpu/drm/drm_drv.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index 93a112d..7a87e08 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -438,6 +438,8 @@ long drm_ioctl(struct file *filp, goto err_i1; } } + if (asize > usize) + memset(kdata + usize, 0, asize - usize); } if (cmd & IOC_IN) { -- 1.7.5.4