fd02db9de7
The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16 bytes of uninitialized stack memory, because the "reserved" member of the fb_vblank struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Cc: Thomas Winischhofer <thomas@winischhofer.net> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| 300vtbl.h | ||
| 310vtbl.h | ||
| init301.c | ||
| init301.h | ||
| init.c | ||
| init.h | ||
| initdef.h | ||
| initextlfb.c | ||
| Makefile | ||
| oem300.h | ||
| oem310.h | ||
| osdef.h | ||
| sis_accel.c | ||
| sis_accel.h | ||
| sis_main.c | ||
| sis_main.h | ||
| sis.h | ||
| vgatypes.h | ||
| vstruct.h | ||