From: Tim Gore <tim.gore@xxxxxxxxx>
A static analysis of libdrm source code has identified several
potential bugs. This commit addresses the critical issues in
xf86drmHash.c, which are all potential null pointer dereferences.
NOTE: I have kept to the indenting style already used in this file,
which is a mixture of spaces and tabs.
Signed-off-by: Tim Gore <tim.gore@xxxxxxxxx>
---
xf86drmHash.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/xf86drmHash.c b/xf86drmHash.c
index 82cbc2a..7e6ba44 100644
--- a/xf86drmHash.c
+++ b/xf86drmHash.c
@@ -91,6 +91,7 @@
#define HASH_RANDOM_INIT(seed) srandom(seed)
#define HASH_RANDOM random()
#define HASH_RANDOM_DESTROY
+#define HASH_RANDOM_OK (1)
#else
#define HASH_ALLOC drmMalloc
#define HASH_FREE drmFree
@@ -98,6 +99,7 @@
#define HASH_RANDOM_INIT(seed) state = drmRandomCreate(seed)
#define HASH_RANDOM drmRandom(state)
#define HASH_RANDOM_DESTROY drmRandomDestroy(state)
+#define HASH_RANDOM_OK (state != NULL)
#endif
@@ -137,8 +139,14 @@ static unsigned long HashHash(unsigned long key)
if (!init) {
HASH_RANDOM_DECL;
HASH_RANDOM_INIT(37);
- for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
- HASH_RANDOM_DESTROY;
+ if (HASH_RANDOM_OK) {
+ for (i = 0; i < 256; i++) scatter[i] = HASH_RANDOM;
+ HASH_RANDOM_DESTROY;
+ } else {
+ /* if we failed to allocate our random number state, fall back on random() */
+ srandom(37);
+ for (i = 0; i < 256; i++) scatter[i] = random();
+ }
++init;
}
--
1.9.2
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
