Bugzilla – Attachment 15651 Details for
Bug 48945
VUL-0: CVE-2004-0003: kernel: DRI: 3 bugs
[patch]
proposed patch from Alan
dri-patch.txt (text/plain), 2.35 KB, created by
Thomas Biege
on 2004-01-15 20:18:41 UTC
>From alan@lxorguk.ukuu.org.uk Thu Jan 15 13:17:38 2004 >Date: Wed, 14 Jan 2004 13:39:39 +0000 >From: Alan Cox <alan@lxorguk.ukuu.org.uk> >To: DRI Devel <dri-devel@lists.sourceforge.net> >Subject: [vendor-sec] Minimal fix for the R128 drivers > >I think this is about the minimal fix needed. I'm not entirely happy >with the limits picked, especially for spans, but maybe someone with >an R128 can verify it is ok, or change the code to loop each chunk >of pixels/span data. > >I've not yet looked at the new SiS allocator problems in detail. The >6326 really wants a different allocator anyway. > >Alan > > > [ Part 2: "Attached Text" ] > > [ The following text is in the "UTF-8" character set. ] > [ Your display is set for the "iso-8859-1" character set. ] > [ Some characters may be displayed incorrectly. ] > >--- drivers/char/drm/r128_state.c~ 2004-01-14 13:42:38.000000000 +0000 >+++ drivers/char/drm/r128_state.c 2004-01-14 13:46:27.000000000 +0000 >@@ -23,8 +23,20 @@ > * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER > * DEALINGS IN THE SOFTWARE. > * >+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR >+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, >+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL >+ * RED HAT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR >+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, >+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER >+ * DEALINGS IN THE SOFTWARE. >+ * >+ * THIS SOFTWARE IS NOT INTENDED FOR USE IN SAFETY CRITICAL SYSTEMS >+ * > * Authors: > * Gareth Hughes <gareth@valinux.com> >+ * >+ * Memory allocation size checks added 14/01/2003, Alan Cox <alan@redhat.com> > */ > > #include "r128.h" 
>@@ -901,6 +913,9 @@ > DRM_DEBUG( "%s\n", __FUNCTION__ ); > > count = depth->n; >+ >+ if( count > 4096 ) >+ return -EMSGSIZE; > if ( copy_from_user( &x, depth->x, sizeof(x) ) ) { > return -EFAULT; > } >@@ -994,6 +1009,9 @@ > DRM_DEBUG( "%s\n", __FUNCTION__ ); > > count = depth->n; >+ >+ if( count > 4096 ) >+ return -EMSGSIZE; > > x = kmalloc( count * sizeof(*x), GFP_KERNEL ); > if ( x == NULL ) { >@@ -1109,6 +1127,9 @@ > DRM_DEBUG( "%s\n", __FUNCTION__ ); > > count = depth->n; >+ >+ if ( count > 4096 ) >+ return -EMSGSIZE; > if ( copy_from_user( &x, depth->x, sizeof(x) ) ) { > return -EFAULT; > }
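Review bot: The attribution line added at the end of the header hunk (@@ -23,8 +23,20 @@) dates the change 14/01/2003, while the diff timestamps and the covering mail are both from 14 January 2004; correct the year so the comment matches the change history. The added warranty paragraph also ends with the same "ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE ... DEALINGS IN THE SOFTWARE." wording that the unchanged context directly above it already carries, so confirm the second disclaimer is intended and not a paste duplicate.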
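Review bot: In the hunk at @@ -901,6 +913,9 @@ the new test bounds count only from above, and the declaration of count is not in the visible context; if it is a signed int, a negative depth->n passes `if( count > 4096 )`. Suggest rejecting that case explicitly, for example `if ( count < 0 || count > 4096 )`, or making count unsigned. The spacing `if( count` also differs from the `if ( copy_from_user(` style on the following line.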
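Review bot: In the hunk at @@ -994,6 +1009,9 @@ the check sits directly in front of `x = kmalloc( count * sizeof(*x), GFP_KERNEL )`, so it is the only thing limiting that multiplication. The upper bound stops an oversized product, but a count of zero or, if count is signed, a value below zero still reaches kmalloc; check the lower bound here as well and add a short comment saying the limit exists to bound the allocation size.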
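Review bot: The literal 4096 in `if ( count > 4096 )` at @@ -1109,6 +1127,9 @@ is the third copy of the same limit in this patch, and none of the three says where the number comes from; the covering mail itself describes the chosen limits as uncertain. Define the limit once as a named constant with a comment giving the basis for the value, so that a later adjustment changes all three checks together.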