On Thu, 10 Aug 2006 15:22:21 +0100
Catalin Marinas <catalin.marinas@xxxxxxx> wrote:
> diff --git a/drivers/char/vt.c b/drivers/char/vt.c
> index da7e66a..31c8b32 100644
> --- a/drivers/char/vt.c
> +++ b/drivers/char/vt.c
> @@ -730,7 +730,8 @@ int vc_allocate(unsigned int currcons) /
> visual_init(vc, currcons, 1);
> if (!*vc->vc_uni_pagedir_loc)
> con_set_default_unimap(vc);
> - vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL);
> + if (!vc->vc_kmalloced)
> + vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL);
> if (!vc->vc_screenbuf) {
> kfree(vc);
> vc_cons[currcons].d = NULL;
hm. Maybe. I'd worry that the memory at vc->vc_screenbuf isn't of the
correct size and this patch will convert a leak into a buffer overrun.
Also, what's up with this, in vc_resize()?
if (vc->vc_kmalloced)
kfree(vc->vc_screenbuf);
vc->vc_screenbuf = newscreen;
vc->vc_kmalloced = 1;
if vc->vc_kmalloced means "there is kmalloced memory at vc->vc_screenbuf"
then this is wrong.