Mercurial Mercurial > upstream > oracle > x-cons > x-s11-update-clone / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
open-src/lib/libpciaccess/6811468.patch
changeset 705 24ca414edbff
parent 704 f9b973ecc909
child 706 43bb5cf562a2 
--- a/open-src/lib/libpciaccess/6811468.patch	Thu May 14 20:00:54 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-From be748a7b512bf5597e162694a3b1769132938fe1 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <[email protected]>
-Date: Wed, 15 Apr 2009 10:06:49 -0700
-Subject: [PATCH] Sun bug 6811468: pci_device_solx_devfs_probe accesses freed memory
-
-di_fini() is being called in pci_device_solx_devfs_probe()
-The di_fini (3DEVINFO) man page says "All  handles associated with this
-snapshot become invalid after the  call to di_fini()".  But after that,
-eight lines down, the subroutine was calling di_prop_lookup_ints with
-a handle args.node which was stored from walking the device tree, and
-then using the pointers that returned even further down.
-
-Signed-off-by: Alan Coopersmith <[email protected]>
----
- src/solx_devfs.c |   12 +++++++-----
- 1 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/src/solx_devfs.c b/src/solx_devfs.c
-index 7d582ad..b56819c 100644
---- a/src/solx_devfs.c
-+++ b/src/solx_devfs.c
-@@ -726,8 +726,8 @@ pci_device_solx_devfs_probe( struct pci_device * dev )
- {
-     uint8_t  config[256];
-     int err;
--    di_node_t rnode;
--    i_devnode_t args;
-+    di_node_t rnode = DI_NODE_NIL;
-+    i_devnode_t args = { 0, 0, 0, DI_NODE_NIL };
-     int *regbuf;
-     pci_regspec_t *reg;
-     int i;
-@@ -736,7 +736,6 @@ pci_device_solx_devfs_probe( struct pci_device * dev )
-     uint ent = 0;
- 
-     err = pci_device_solx_devfs_read( dev, config, 0, 256, & bytes );
--    args.node = DI_NODE_NIL;
- 
-     if ( bytes >= 64 ) {
- 	struct pci_device_private *priv =
-@@ -771,7 +770,6 @@ pci_device_solx_devfs_probe( struct pci_device * dev )
- 	    args.func = dev->func;
- 	    (void) di_walk_node(rnode, DI_WALK_CLDFIRST,
- 				(void *)&args, find_target_node);
--	    di_fini(rnode);
- 	}
-     }
-     if (args.node != DI_NODE_NIL) {
-@@ -786,7 +784,7 @@ pci_device_solx_devfs_probe( struct pci_device * dev )
-     }
- 
-     if (len <= 0)
--	return (err);
-+	goto cleanup;
- 
- 
-     /*
-@@ -868,6 +866,10 @@ pci_device_solx_devfs_probe( struct pci_device * dev )
- 	}
-     }
- 
-+  cleanup:
-+    if (rnode != DI_NODE_NIL) {
-+	di_fini(rnode);
-+    }
-     return (err);
- }
- 
--- 
-1.5.6.5
-
upstream/oracle/x-cons/x-s11-update-clone