authorDan Carpenter <dan.carpenter@oracle.com>2011-10-18 06:10:12 (GMT)
committerDave Airlie <airlied@redhat.com>2011-10-18 09:42:01 (GMT)
commit80d9b24a658c83602aea66e45e2347c5bb3cbd47 (patch)
tree1aafde86b9e2ae7bd3151fe64c150ee81c53f681
parent0c5d37033b3a16fdf6442730cee82dd3e8465fb1 (diff)
vmwgfx: information leak in vmw_execbuf_copy_fence_user()
If ret is non-zero then we don't initialize the struct which leaks stack information to user space. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-rw-r--r--drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
index d4a1d8b..28e1c35 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -1070,6 +1070,8 @@ vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv,
if (user_fence_rep == NULL)
return;
+ memset(&fence_rep, 0, sizeof(fence_rep));
+
fence_rep.error = ret;
if (ret == 0) {
BUG_ON(fence == NULL);
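Review bot: The added `memset(&fence_rep, 0, sizeof(fence_rep));` has no comment saying why it is there, so a later cleanup could replace it with a `= { 0 }` or designated initializer, which is not guaranteed to clear padding bytes. I would put `/* Zero the whole struct, padding included: it is copied to user space even when ret != 0. */` directly above it. The copy to user space is not visible in this hunk (the function body starts before and continues past the lines shown), so that wording relies on the commit description. It is worth confirming against the full function that every path reaching the copy goes through this memset.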