Re: acpi ->video_device_list corruption
From: Mikael Pettersson
Date: Wed Dec 12 2007 - 06:48:41 EST
William Lee Irwin III writes:
> The ->cap fields of struct acpi_video_device and struct acpi_video_bus
> are 1B each, not 4B. The oversized memset()'s corrupted the subsequent
> list_head fields. This resulted in silent corruption without
> CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass
> the proper bounds to the memset() calls and thereby correct the bugs.
>
> Included as a MIME attachment is a compressed dmesg from an affected
> system. The patch was seen to resolve the issue on the affected system.
>
> vs. 2.6.24-rc5
>
> Signed-off-by: William Irwin <wli@xxxxxxxxxxxxxx>
>
>
> -- wli
>
> diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
> index 44a0d9b..7895d57 100644
> --- a/drivers/acpi/video.c
> +++ b/drivers/acpi/video.c
> @@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device)
> struct acpi_video_device_brightness *br = NULL;
>
>
> - memset(&device->cap, 0, 4);
> + memset(&device->cap, 0, sizeof(struct acpi_video_device_cap));
IMO the memset(ptr, 0, sizeof(*ptr)) idiom is both safer
and avoids having to write an uninteresting type name.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/