Ok, thanks! Gerd Hoffmann <kraxel@xxxxxxxxxx> 于2020年5月28日周四 下午4:25写道: > > On Thu, May 28, 2020 at 03:57:05PM +0800, Dongyang Zhan wrote: > > Hi, > > My name is Dongyang Zhan, I am a security researcher. > > Currently, I found two possible memory bugs in > > drivers/gpu/drm/virtio/virtgpu_vq.c (Linux 5.6). > > I hope you can help me to confirm them. Thank you. > > Sorry. Not confirmed. You should do a better job verifying your > claims before bugging people. > > > The first one is resp_buf will not be release in > > virtio_gpu_cmd_get_display_info() with the condition > > (resp_size <= MAX_INLINE_RESP_SIZE) in virtio_gpu_alloc_cmd_resp(). > > In that code path resp_size equals sizeof(struct > virtio_gpu_resp_display_info) which is larger than MAX_INLINE_RESP_SIZE > so the condition is never true and no leak happens. > > take care, > Gerd > _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
