Re: acpi ->video_device_list corruption

From: Mikael Pettersson
Date: Wed Dec 12 2007 - 07:13:29 EST

Next message: Metzger, Markus T: "RE: x86, ptrace: support for branch trace store(BTS)"
Previous message: Jens Axboe: "Re: [PATCH 00/30] blk_end_request: full I/O completion handler(take 4)"
In reply to: William Lee Irwin III: "Re: acpi ->video_device_list corruption"
Next in thread: Len Brown: "Re: acpi ->video_device_list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

William Lee Irwin III writes:
> On Wed, Dec 12, 2007 at 12:48:09PM +0100, Mikael Pettersson wrote:
> > IMO the memset(ptr, 0, sizeof(*ptr)) idiom is both safer
> > and avoids having to write an uninteresting type name.
>
> How about this, then?

Looks good.

Acked-by: Mikael Pettersson <mikpe@xxxxxxxx>

>
> The ->cap fields of struct acpi_video_device and struct acpi_video_bus
> are 1B each, not 4B. The oversized memset()'s corrupted the subsequent
> list_head fields. This resulted in silent corruption without
> CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass
> the proper bounds to the memset() calls and thereby correct the bugs.
>
> The patch was seen to resolve the issue on the affected system.
>
> vs. 2.6.24-rc5
>
> Signed-off-by: William Irwin <wli@xxxxxxxxxxxxxx>
>
> diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
> index 44a0d9b..bd77e81 100644
> --- a/drivers/acpi/video.c
> +++ b/drivers/acpi/video.c
> @@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device)
> struct acpi_video_device_brightness *br = NULL;
>
>
> - memset(&device->cap, 0, 4);
> + memset(&device->cap, 0, sizeof(device->cap));
>
> if (ACPI_SUCCESS(acpi_get_handle(device->dev->handle, "_ADR", &h_dummy1))) {
> device->cap._ADR = 1;
> @@ -697,7 +697,7 @@ static void acpi_video_bus_find_cap(struct acpi_video_bus *video)
> {
> acpi_handle h_dummy1;
>
> - memset(&video->cap, 0, 4);
> + memset(&video->cap, 0, sizeof(video->cap));
> if (ACPI_SUCCESS(acpi_get_handle(video->device->handle, "_DOS", &h_dummy1))) {
> video->cap._DOS = 1;
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Metzger, Markus T: "RE: x86, ptrace: support for branch trace store(BTS)"
Previous message: Jens Axboe: "Re: [PATCH 00/30] blk_end_request: full I/O completion handler(take 4)"
In reply to: William Lee Irwin III: "Re: acpi ->video_device_list corruption"
Next in thread: Len Brown: "Re: acpi ->video_device_list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]