Hi Steve.
On Thu, Jul 16, 2020 at 10:29:52PM +0200, Sam Ravnborg wrote:
> Hi Steve and others.
>
> On Fri, Jul 10, 2020 at 06:40:26PM -0400, Steve Cohen wrote:
> > BUG: KASAN: use-after-free in drm_gem_open_ioctl
> >
> > There is potential for use-after-free here if the GEM object
> > handle is
Hi Steve and others.
On Fri, Jul 10, 2020 at 06:40:26PM -0400, Steve Cohen wrote:
> BUG: KASAN: use-after-free in drm_gem_open_ioctl
>
> There is potential for use-after-free here if the GEM object
> handle is closed between the idr lookup and retrieving the size
> from the object since a local r
BUG: KASAN: use-after-free in drm_gem_open_ioctl
There is potential for use-after-free here if the GEM object
handle is closed between the idr lookup and retrieving the size
from the object since a local reference is not being held at that
point. Hold the local reference while the object can still
