sosy-lab / sv-benchmarks

Collection of Verification Tasks (MOVED, please follow the link)
https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks

ldv-linux-3.0/module_get_put-drivers-gpu-drm-i915-i915.ko.cil.out: allocate memory #1274

Closed tautschnig closed 3 years ago

tautschnig commented 3 years ago

The pointer var_group3 is eventually passed to kfree, and thus needs to point to heap-allocated memory to avoid memory safety issues. See also #1270.

sim642 commented 3 years ago

This fixes the case where main calls intel_hdmi_destroy which ends up freeing var_group3 as `connector`, but that doesn't seem to be the only issue here.

When instead main calls intel_hdmi_get_modes, it ends up dereferencing uninitialized pointers in the malloced struct, e.g. (struct drm_i915_private *)(connector->dev)->dev_private.
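
The two requirements raised in this thread, sketched as an added example that is not part of the PR or the benchmark file. The struct definitions are simplified stand-ins for the kernel types, and `harness_alloc_connector`, `harness_release`, `model_get_modes` and `model_destroy` are hypothetical names.

```c
#include <stdlib.h>

/* Simplified stand-ins for the kernel types named in the thread (constructed). */
struct drm_i915_private { int num_pipe; };
struct drm_device { void *dev_private; };
struct drm_connector { struct drm_device *dev; };

/* Harness side: every object reachable from the connector is heap-allocated
 * and every pointer field is set before driver code may run. calloc zeroes
 * the memory, so a field left unset is NULL rather than indeterminate. */
struct drm_connector *harness_alloc_connector(void)
{
    struct drm_connector *c = calloc(1, sizeof(*c));
    struct drm_device *d = calloc(1, sizeof(*d));
    struct drm_i915_private *p = calloc(1, sizeof(*p));
    if (!c || !d || !p) { free(c); free(d); free(p); return NULL; }
    p->num_pipe = 2;            /* constructed sample value */
    d->dev_private = p;
    c->dev = d;
    return c;
}

/* Harness teardown for the path where the driver did not free the connector. */
void harness_release(struct drm_connector *c)
{
    if (!c) return;
    if (c->dev) free(c->dev->dev_private);
    free(c->dev);
    free(c);
}

/* Models the get_modes path: walks connector->dev->dev_private. The NULL
 * checks are added here so that missing initialization is reported as -1. */
int model_get_modes(struct drm_connector *connector)
{
    if (!connector || !connector->dev || !connector->dev->dev_private)
        return -1;
    return ((struct drm_i915_private *)connector->dev->dev_private)->num_pipe;
}

/* Models the destroy path: the connector is freed, so it must be heap memory. */
void model_destroy(struct drm_connector *connector)
{
    free(connector);
}
```
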