[PATCH] drm: avoid passing null pointer to memset

Rodrigo Vivi Tue, 9 Oct 2012 16:56:58 -0300

When cmd isn't IOC_IN | IOC_OUT a null "kdata" goes to "memset", which 
dereferences it.


v2: simpler version just using usize = 0 instead of allocating useless memory

Signed-off-by: Rodrigo Vivi <rodrigo.vivi at gmail.com>
---
 drivers/gpu/drm/drm_drv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 1490e76..f72dce5 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -444,7 +444,8 @@ long drm_ioctl(struct file *filp,
                        }
                        if (asize > usize)
                                memset(kdata + usize, 0, asize - usize);
-               }
+               } else
+                       usize = 0;

                if (cmd & IOC_IN) {
                        if (copy_from_user(kdata, (void __user *)arg,
-- 
1.7.11.4

[PATCH] drm: avoid passing null pointer to memset

Reply via email to