projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3f7e363)
drm/radeon: fix use after free in ATRM bios reading code.
authorDave Airlie <airlied@redhat.com>
Thu, 2 Feb 2012 15:25:16 +0000 (15:25 +0000)
committerDave Airlie <airlied@redhat.com>
Thu, 2 Feb 2012 15:25:16 +0000 (15:25 +0000)
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=45503

Reported-and-Debugged-by: mlambda@gmail.com
Signed-off-by: Dave Airlie <airlied@redhat.com>
drivers/gpu/drm/radeon/radeon_atpx_handler.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/radeon/radeon_atpx_handler.c b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
index 13ac63ba60752f7eaee7d27564531646cdcd33e4..98724fcb00885e8a6ba3e8e88937b209e545a8e8 100644 (file)
--- a/drivers/gpu/drm/radeon/radeon_atpx_handler.c
+++ b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
@@ -59,8 +59,9 @@ static int radeon_atrm_call(acpi_handle atrm_handle, uint8_t *bios,
 
        obj = (union acpi_object *)buffer.pointer;
        memcpy(bios+offset, obj->buffer.pointer, obj->buffer.length);
+       len = obj->buffer.length;
        kfree(buffer.pointer);
-       return obj->buffer.length;
+       return len;
 }
 
 bool radeon_atrm_supported(struct pci_dev *pdev)
kernel source for telekom puls (alcatel/mediatek)