From: Robert Jarzmik <robert.jarzmik@free.fr>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: Ramfs and NULL pointer
Date: Tue, 20 Nov 2012 21:50:56 +0100
Message-ID: <87haokdmmn.fsf@free.fr>
In-Reply-To: <87lidwdmzh.fsf@free.fr> (Robert Jarzmik's message of "Tue, 20 Nov 2012 21:43:14 +0100")
Robert Jarzmik <robert.jarzmik@free.fr> writes:
> diff --git a/commands/splash.c b/commands/splash.c
> index 65dd530..b0830fb 100644
> --- a/commands/splash.c
> +++ b/commands/splash.c
> @@ -49,6 +49,8 @@ static int do_splash(int argc, char *argv[])
> }
> image_file = argv[optind];
>
> + memset(&sc, 0, sizeof(sc));
> + memset(&s, 0, sizeof(s));
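Review bot: The second added line, memset(&s, 0, sizeof(s)), lands after option parsing (this hunk sits around line 49 of the file), while the later version of the patch in this message shows s.x, s.y and s.width being set to -1 near the top of do_splash(). Zeroing s at this point would discard those values and anything stored in s in between. Move the memset of s above the first assignment to s and keep only memset(&sc, 0, sizeof(sc)) here, ahead of the first use of sc.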
This last memset is actually misplaced; it should be much higher up in the function.
So the correct patch would be:
----8>----
From ea8d7e02533bea9908d8a56ef6b59483f65a3530 Mon Sep 17 00:00:00 2001
From: Robert Jarzmik <robert.jarzmik@free.fr>
Date: Tue, 20 Nov 2012 21:33:49 +0100
Subject: [PATCH] splash: fix splash breakage

Commit 3fa8d74a introduced structures screen and surface.
Unfortunately, these structures are allocated on the stack,
and not initialized.

As a consequence, sc->offscreen might contain a random
value, which is used later for memcpy operations, corrupting
memory.

Fix it by initializing the structures.

Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
---
commands/splash.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/commands/splash.c b/commands/splash.c
index 65dd530..370c3a2 100644
--- a/commands/splash.c
+++ b/commands/splash.c
@@ -19,6 +19,7 @@ static int do_splash(int argc, char *argv[])
u32 bg_color = 0x00000000;
bool do_bg = false;
+ memset(&s, 0, sizeof(s));
s.x = -1;
s.y = -1;
s.width = -1;
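Review bot: Zeroing s with a separate memset() just above the s.x = -1, s.y = -1 and s.width = -1 stores splits the initialisation of one structure into two steps, and the ordering between them is what the earlier version of this patch got wrong. Initialising s where it is declared, with a designated initializer for the -1 members, would zero every other member implicitly and could not end up below a use of s after a later edit. If the memset() stays, a one-line comment saying that the remaining members must start at zero would record why it is there.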
@@ -49,6 +50,7 @@ static int do_splash(int argc, char *argv[])
}
image_file = argv[optind];
+ memset(&sc, 0, sizeof(sc));
fd = fb_open(fbdev, &sc, offscreen);
if (fd < 0) {
perror("fd_open");
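Review bot: The memset(&sc, 0, sizeof(sc)) ahead of fb_open(fbdev, &sc, offscreen) fixes this caller only. The commit message says a stale sc->offscreen value later feeds memcpy, so any other caller that hands fb_open() a stack-allocated screen would hit the same corruption. Consider having fb_open() clear or fully populate the structure it is given, or document that callers must zero it first. Separately, the context line perror("fd_open") names a function other than the fb_open() call that failed.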
--
1.7.10.4
--
Robert