From: Christian König
Subject: Re: [PATCH] drm: fix the usage after free
Date: Mon, 24 Aug 2015 10:20:28 +0200
Message-ID: <55DAD3CC.7070709@vodafone.de>
References: <1440388573-2065-1-git-send-email-Jammy.Zhou@amd.com> <55DACD1D.1050600@vodafone.de>
To: Mathias Tillman, "Zhou, Jammy", "dri-devel@lists.freedesktop.org"
List-Id: dri-devel@lists.freedesktop.org

Hi Mathias,

thanks for the good help and no problem with the Signed-off-by line. If you don't object we will just add a "Signed-off-by: Mathias Tillman <master.homer@gmail.com>" line when we push this patch to the repository.

It's just for tracking who created which code and who might know why something is implemented as it is, but since it's rather obvious what's wrong here there probably won't be any more questions about this.

I honestly don't remember if I have commit access to libdrm myself, but I'm going to check. If not, Alex or somebody else needs to commit this.

Regards,
Christian.

On 24.08.2015 10:03, Mathias Tillman wrote:
Sorry, no I am not a developer working on libdrm, this is my first contribution to it in fact. How would I go about adding my Signed-Off?

On Mon, 24 Aug 2015 at 09:59 Zhou, Jammy <Jammy.Zhou@amd.com> wrote:
> Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.
Agreed. Just was not quite sure if Mathias is working on the libdrm project directly or not based on the comments in the bugzilla "hopefully the fix can be pushed to master soon".

Regards,
Jammy

-----Original Message-----
From: Christian König [mailto:deathsimple@vodafone.de]
Sent: Monday, August 24, 2015 3:52 PM
To: Zhou, Jammy; dri-devel@lists.freedesktop.org; master.homer@gmail.com
Subject: Re: [PATCH] drm: fix the usage after free

On 24.08.2015 05:56, Jammy Zhou wrote:
> From: Mathias Tillman <master.homer@gmail.com>
>
> For readdir_r(), the next directory entry is returned in
> caller-allocated buffer (pointed to by pent here).
>
> https://bugs.freedesktop.org/show_bug.cgi?id=91704
>
> Signed-off-by: Jammy Zhou <Jammy.Zhou@amd.com>

Would be more convenient if Mathias would add his Signed-off-by as well and send out the patch, cause he is the original author.

Anyway the patch is clearly a nice catch and Reviewed-by: Christian König <christian.koenig@amd.com>

Regards,
Christian.

> ---
>  xf86drm.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/xf86drm.c b/xf86drm.c
> index 5e02969..a7cc643 100644
> --- a/xf86drm.c
> +++ b/xf86drm.c
> @@ -2803,11 +2803,12 @@ static char *drmGetMinorNameForFD(int fd, int
> type)
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0while (readdir_r(sysdir, pent, &= amp;ent) =3D=3D 0 && ent !=3D NULL) {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (= strncmp(ent->d_name, name, len) =3D=3D 0) {
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ent->d_name);
> +
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0free(pent);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0closedir(sysdir);
>
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0snprintf(dev_name, sizeof(dev_name), DRM_DIR_NAME "/%s",
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ent->d_name);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0return strdup(dev_name);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0} >=C2=A0 =C2=A0 =C2=A0 =C2=A0}
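
Review bot: The order of the snprintf() and free(pent) in the match branch now matters for correctness, but nothing in the code says why. A one-line comment above the snprintf() stating that ent points into the pent buffer filled by readdir_r() would keep a later cleanup from moving the free back above the copy. Separately, the snprintf() return value is ignored, so a d_name that does not fit in dev_name is silently truncated and the truncated path is what strdup() hands back; checking for a result >= sizeof(dev_name) and failing the lookup in that case would be safer.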

