LinuxLists.cc - vmwgfx: Fix unitialized stack read in vmw_setup_otable

2014-01-31 02:27:40

Subject: vmwgfx: Fix unitialized stack read in vmw_setup_otable_base

One of the error paths in vmw_setup_otable_base causes us to return with
'ret' having never been set to anything causing us to return whatever was
on the stack.

Found with Coverity

Signed-off-by: Dave Jones <[email protected]>

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c b/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
index 4910e7b81811..d4a5a19cb8c3 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
@@ -134,6 +134,7 @@ static int vmw_setup_otable_base(struct vmw_private *dev_priv,
cmd = vmw_fifo_reserve(dev_priv, sizeof(*cmd));
if (unlikely(cmd == NULL)) {
DRM_ERROR("Failed reserving FIFO space for OTable setup.\n");
+ ret = -ENOMEM;
goto out_no_fifo;
}

2014-02-05 07:50:16

by Thomas Hellstrom

[permalink] [raw]

Subject: Re: vmwgfx: Fix unitialized stack read in vmw_setup_otable_base

On 01/31/2014 03:27 AM, Dave Jones wrote:
> One of the error paths in vmw_setup_otable_base causes us to return with
> 'ret' having never been set to anything causing us to return whatever was
> on the stack.
>
> Found with Coverity
>
> Signed-off-by: Dave Jones <[email protected]>
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c b/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
> index 4910e7b81811..d4a5a19cb8c3 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_mob.c
> @@ -134,6 +134,7 @@ static int vmw_setup_otable_base(struct vmw_private *dev_priv,
> cmd = vmw_fifo_reserve(dev_priv, sizeof(*cmd));
> if (unlikely(cmd == NULL)) {
> DRM_ERROR("Failed reserving FIFO space for OTable setup.\n");
> + ret = -ENOMEM;
> goto out_no_fifo;
> }
>

Thanks,
Will queue on vmwgfx-fixes for -rc2.

/Thomas