From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 188911] New: Function qxl_release_alloc() returns an improper
 value when the call to kmalloc() fails, resulting in bad memory access
Date: Fri, 25 Nov 2016 11:08:20 +0000
Message-ID: <bug-188911-2300@https.bugzilla.kernel.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 1391E6E89B
 for <dri-devel@lists.freedesktop.org>; Fri, 25 Nov 2016 11:08:35 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
 by mail.kernel.org (Postfix) with ESMTP id 76FFD20457
 for <dri-devel@lists.freedesktop.org>; Fri, 25 Nov 2016 11:08:29 +0000 (UTC)
Received: from bugzilla1.web.kernel.org (bugzilla1.web.kernel.org
 [172.20.200.51])
 by mail.kernel.org (Postfix) with ESMTP id 7EBBE20453
 for <dri-devel@lists.freedesktop.org>; Fri, 25 Nov 2016 11:08:20 +0000 (UTC)
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: dri-devel@lists.freedesktop.org
List-Id: dri-devel@lists.freedesktop.org

aHR0cHM6Ly9idWd6aWxsYS5rZXJuZWwub3JnL3Nob3dfYnVnLmNnaT9pZD0xODg5MTEKCiAgICAg
ICAgICAgIEJ1ZyBJRDogMTg4OTExCiAgICAgICAgICAgU3VtbWFyeTogRnVuY3Rpb24gcXhsX3Jl
bGVhc2VfYWxsb2MoKSByZXR1cm5zIGFuIGltcHJvcGVyIHZhbHVlCiAgICAgICAgICAgICAgICAg
ICAgd2hlbiB0aGUgY2FsbCB0byBrbWFsbG9jKCkgZmFpbHMsIHJlc3VsdGluZyBpbiBiYWQKICAg
ICAgICAgICAgICAgICAgICBtZW1vcnkgYWNjZXNzCiAgICAgICAgICAgUHJvZHVjdDogRHJpdmVy
cwogICAgICAgICAgIFZlcnNpb246IDIuNQogICAgS2VybmVsIFZlcnNpb246IGxpbnV4LTQuOS1y
YzYKICAgICAgICAgIEhhcmR3YXJlOiBBbGwKICAgICAgICAgICAgICAgIE9TOiBMaW51eAogICAg
ICAgICAgICAgIFRyZWU6IE1haW5saW5lCiAgICAgICAgICAgIFN0YXR1czogTkVXCiAgICAgICAg
ICBTZXZlcml0eTogbm9ybWFsCiAgICAgICAgICBQcmlvcml0eTogUDEKICAgICAgICAgQ29tcG9u
ZW50OiBWaWRlbyhEUkkgLSBub24gSW50ZWwpCiAgICAgICAgICBBc3NpZ25lZTogZHJpdmVyc192
aWRlby1kcmlAa2VybmVsLWJ1Z3Mub3NkbC5vcmcKICAgICAgICAgIFJlcG9ydGVyOiBiaWFucGFu
MjAxMEBydWMuZWR1LmNuCiAgICAgICAgUmVncmVzc2lvbjogTm8KCigxKSBGdW5jdGlvbiBrbWFs
bG9jKCkgcmV0dXJuIGEgTlVMTCBwb2ludGVyIGlmIHRoZXJlIGlzIG5vIGVub3VnaCBtZW1vcnku
IFRoZQpmdW5jdGlvbiBxeGxfcmVsZWFzZV9hbGxvYygpIGRlZmluZWQgaW4gZmlsZSBkcml2ZXJz
L2dwdS9kcm0vcXhsL3F4bF9yZWxlYXNlLmMKdHJpZXMgdG8gYWxsb2NhdGUgbWVtb3J5IGFuZCBz
dG9yZXMgaW4gaXRzIHRoaXJkIHBhcmFtZXRlciBAQHJldC4gUGFyYW1ldGVyCkBAcmV0IGtlZXBz
IHVubW9kaWZpZWQgaWYgdGhlIGNhbGwgdG8ga21hbGxvYygpIChhdCBsaW5lIDEzMykgZmFpbHMu
IEluIHRoaXMKY2FzZSwgaXQgcmV0dXJucyAwLgooMikgRnVuY3Rpb24gcXhsX2FsbG9jX3JlbGVh
c2VfcmVzZXJ2ZWQoKSBjYWxscyBxeGxfcmVsZWFzZV9hbGxvYygpIHRvIGFsbG9jYXRlCm1lbW9y
eSBmb3IgaXRzIHBhcmFtZXRlciBAQHJlbGVhc2UuIEJ5IHJldmlld2luZyB0aGUgc291cmNlIGNv
ZGUgb2YgdGhlIGNhbGxlcnMKb2YgZnVuY3Rpb24gcXhsX2FsbG9jX3JlbGVhc2VfcmVzZXJ2ZWQo
KSAoZS5nLiBxeGxfcHJvY2Vzc19zaW5nbGVfY29tbWFuZCgpCmRlZmluZWQgaW4gZmlsZSBkcml2
ZXJzL2dwdS9kcm0vcXhsL3F4bF9pb2N0bC5jKSwgd2UgZmluZCB0aGF0IHBhcmFtZXRlcgpAQHJl
bGVhc2UgaXMgdW5pbml0aWFsaXplZC4gVGhlIHJldHVybiB2YWx1ZSBvZiBxeGxfcmVsZWFzZV9h
bGxvYygpIGlzIGNoZWNrZWQsCmlmIHRoZSByZXR1cm4gdmFsdWUgaXMgMCwgdGhlIGV4ZWN1dGlv
biBmbG93IHdpbGwgY29udGludWUsIGFuZCB0aGUgbWVtb3J5CnBvaW50ZWQgYnkgQEByZWxlYXNl
IHdpbGwgYmUgYWNjZXNzZWQgKGF0IGxpbmUgMzY4KS4gUmVjYWxsIHRoYXQgZnVuY3Rpb24KcXhs
X3JlbGVhc2VfYWxsb2MoKSByZXR1cm5zIDAgd2hlbiBrbWFsbG9jKCkgZmFpbHMuIEluIHRoaXMg
Y2FzZSwgdGhlCnVuaW5pdGlhbGl6ZWQgbWVtb3J5IHdpbGwgYmUgYWNjZXNzZWQsIGNhdXNpbmcg
YmFkIG1lbW9yeSBhY2Nlc3MuCigzKSBUbyBhdm9pZCBiYWQgbWVtb3J5IGFjY2VzcywgaXQncyBi
ZXR0ZXIgdG8gcmV0dXJuICItRU5PTUVNIiB3aGVuIHRoZSBjYWxsCnRvIGttYWxsb2MoKSBmYWls
cyBpbiBmdW5jdGlvbiBxeGxfcmVsZWFzZV9hbGxvYygpLgoKQ29kZXMgcmVsYXRlZCB0byB0aGlz
IGJ1ZyBhcmUgc3VtbWFyaXNlZCBhcyBmb2xsb3dzLgooMSkgcXhsX3JlbGVhc2VfYWxsb2MgQEAg
ZHJpdmVycy9ncHUvZHJtL3F4bC9xeGxfcmVsZWFzZS5jCjEyNSBzdGF0aWMgaW50CjEyNiBxeGxf
cmVsZWFzZV9hbGxvYyhzdHJ1Y3QgcXhsX2RldmljZSAqcWRldiwgaW50IHR5cGUsCjEyNyAgICAg
ICAgICAgc3RydWN0IHF4bF9yZWxlYXNlICoqcmV0KQoxMjggewoxMjkgICAgIHN0cnVjdCBxeGxf
cmVsZWFzZSAqcmVsZWFzZTsKMTMwICAgICBpbnQgaGFuZGxlOwoxMzEgICAgIHNpemVfdCBzaXpl
ID0gc2l6ZW9mKCpyZWxlYXNlKTsKMTMyIAoxMzMgICAgIHJlbGVhc2UgPSBrbWFsbG9jKHNpemUs
IEdGUF9LRVJORUwpOwoxMzQgICAgIGlmICghcmVsZWFzZSkgewoxMzUgICAgICAgICBEUk1fRVJS
T1IoIk91dCBvZiBtZW1vcnlcbiIpOwoxMzYgICAgICAgICByZXR1cm4gMDsgIC8vICJyZXR1cm4g
LUVOT01FTTsiPwoxMzcgICAgIH0KICAgICAgICAuLi4KMTU1ICAgICAqcmV0ID0gcmVsZWFzZTsK
MTU2ICAgICBRWExfSU5GTyhxZGV2LCAiYWxsb2NhdGVkIHJlbGVhc2UgJWRcbiIsIGhhbmRsZSk7
CjE1NyAgICAgcmVsZWFzZS0+aWQgPSBoYW5kbGU7CjE1OCAgICAgcmV0dXJuIGhhbmRsZTsKMTU5
IH0KCigyKSBxeGxfYWxsb2NfcmVsZWFzZV9yZXNlcnZlZCBAQCBkcml2ZXJzL2dwdS9kcm0vcXhs
L3F4bF9yZWxlYXNlLmMKMzIzIGludCBxeGxfYWxsb2NfcmVsZWFzZV9yZXNlcnZlZChzdHJ1Y3Qg
cXhsX2RldmljZSAqcWRldiwgdW5zaWduZWQgbG9uZyBzaXplLAozMjQgICAgICAgICAgICAgICAg
ICAgICAgICBpbnQgdHlwZSwgc3RydWN0IHF4bF9yZWxlYXNlICoqcmVsZWFzZSwKMzI1ICAgICAg
ICAgICAgICAgICAgICAgICAgc3RydWN0IHF4bF9ibyAqKnJibykKMzI2IHsKMzI3ICAgICBzdHJ1
Y3QgcXhsX2JvICpibzsKMzI4ICAgICBpbnQgaWRyX3JldDsKICAgICAgICAuLi4KMzQ0ICAgICBp
ZHJfcmV0ID0gcXhsX3JlbGVhc2VfYWxsb2MocWRldiwgdHlwZSwgcmVsZWFzZSk7CjM0NSAgICAg
aWYgKGlkcl9yZXQgPCAwKSB7CjM0NiAgICAgICAgIGlmIChyYm8pCjM0NyAgICAgICAgICAgICAq
cmJvID0gTlVMTDsKMzQ4ICAgICAgICAgcmV0dXJuIGlkcl9yZXQ7CjM0OSAgICAgfQogICAgICAg
IC4uLgozNjYgICAgIGJvID0gcXhsX2JvX3JlZihxZGV2LT5jdXJyZW50X3JlbGVhc2VfYm9bY3Vy
X2lkeF0pOwozNjcgCiAgICAgICAgLy8gYmFkIG1lbW9yeSBhY2Nlc3Mgd2hlbiBrbWFsbG9jKCkg
ZmFpbHM/CjM2OCAgICAgKCpyZWxlYXNlKS0+cmVsZWFzZV9vZmZzZXQgPSBxZGV2LT5jdXJyZW50
X3JlbGVhc2VfYm9fb2Zmc2V0W2N1cl9pZHhdICoKcmVsZWFzZV9zaXplX3Blcl9ib1tjdXJfaWR4
XTsKMzY5ICAgICBxZGV2LT5jdXJyZW50X3JlbGVhc2VfYm9fb2Zmc2V0W2N1cl9pZHhdKys7CiAg
ICAgICAgLi4uCjM4OCB9CgooMykgcXhsX3Byb2Nlc3Nfc2luZ2xlX2NvbW1hbmQgQEAgZHJpdmVy
cy9ncHUvZHJtL3F4bC9xeGxfaW9jdGwuYwoxMzggc3RhdGljIGludCBxeGxfcHJvY2Vzc19zaW5n
bGVfY29tbWFuZChzdHJ1Y3QgcXhsX2RldmljZSAqcWRldiwKMTM5ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgc3RydWN0IGRybV9xeGxfY29tbWFuZCAqY21kLAoxNDAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzdHJ1Y3QgZHJtX2ZpbGUgKmZpbGVf
cHJpdikKMTQxIHsKMTQyICAgICAgICAgc3RydWN0IHF4bF9yZWxvY19pbmZvICpyZWxvY19pbmZv
OwoxNDMgICAgICAgICBpbnQgcmVsZWFzZV90eXBlOwoxNDQgICAgICAgICBzdHJ1Y3QgcXhsX3Jl
bGVhc2UgKnJlbGVhc2U7IC8vIHJlbGVhc2UgaXMgbm90IGluaXRpYWxpemVkCiAgICAgICAgICAg
IC4uLgoxNzUgICAgICAgICByZXQgPSBxeGxfYWxsb2NfcmVsZWFzZV9yZXNlcnZlZChxZGV2LAox
NzYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplb2YodW5pb24g
cXhsX3JlbGVhc2VfaW5mbykgKwoxNzcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICBjbWQtPmNvbW1hbmRfc2l6ZSwKMTc4ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgcmVsZWFzZV90eXBlLAoxNzkgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAmcmVsZWFzZSwKMTgwICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgJmNtZF9ibyk7CjE4MSAgICAgICAgIGlmIChyZXQpCjE4MiAgICAgICAg
ICAgICAgICAgZ290byBvdXRfZnJlZV9yZWxvYzsKICAgICAgICAgICAgLi4uCjI2OSBvdXRfZnJl
ZV9yZWxvYzoKMjcwICAgICAgICAga2ZyZWUocmVsb2NfaW5mbyk7CjI3MSAgICAgICAgIHJldHVy
biByZXQ7CjI3MiB9CgpUaGFua3MgdmVyeSBtdWNoIQoKLS0gCllvdSBhcmUgcmVjZWl2aW5nIHRo
aXMgbWFpbCBiZWNhdXNlOgpZb3UgYXJlIHdhdGNoaW5nIHRoZSBhc3NpZ25lZSBvZiB0aGUgYnVn
LgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpkcmktZGV2
ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZlbEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cHM6Ly9s
aXN0cy5mcmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0aW5mby9kcmktZGV2ZWwK