[PATCH] RTAS syscall NULL ptr deref (2.6)
Benjamin Herrenschmidt
benh at kernel.crashing.org
Sat Feb 28 09:22:49 EST 2004
On Sat, 2004-02-28 at 03:16, John Rose wrote:
> Hi Ben-
>
> > Can you quickly explain how the code could do a NULL ptr deref in
> > the first place ? (and how that's fixed).
>
> Heh sure. The rets member of the rtas_args structure is an int pointer
> into the args member, which is an int array. Initially, I didn't set
> the "rets" ptr in this syscall, because I didn't need it in the
> function, and it wouldn't be useful to userspace when copied out.
Ok, makes more sense now, thanks.
Ben.
** Sent via the linuxppc64-dev mail list. See http://lists.linuxppc.org/