Hi, I found some problems, but I don't know how to solve them properly (I'm not really familiar with the source code).
When I use ioctl() and use a structure like this:
struct drm_mode_card_res {
    __u64 fb_id_ptr;
    __u64 crtc_id_ptr;
    __u64 connector_id_ptr;
    __u64 encoder_id_ptr;
    __u32 count_fbs;
    ....
};
And in syscall_types.h:
STRUCT(drm_mode_card_res,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_INT,
    ...
)
Some code:
...
if (res.count_fbs) {
    res.fb_id_ptr = VOID2U64(drmMalloc(res.count_fbs*sizeof(uint32_t)));
    if (!res.fb_id_ptr)
        goto err_allocs;
}
...
This is the strace output:
openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
9469 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x0,0x0,0,0,0,0,0,0,0,0}) = 0 ({0x0,0x0,0x0,0x0,0,2,2,2,0,16384,0,16384})
9469 brk(NULL) = 0x40006000
9469 brk(0x40027000) = 0x40027000
9469 brk(0x40028000) = 0x40028000
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
9469 brk(0x40027000) = 0x40027000
Look 9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
Why does a memory overrun (errno=14, "Bad address") occur here? Note that 1073832368 is 0x400061a0, i.e. a pointer value shows up where a count is expected, which suggests the field layout used for the translation does not match the kernel's struct (the __u64 fields are declared as TYPE_PTRVOID). I think the correct second call would be: {0x0,0x400061a0,1073832368(0x400061a0),0x400061c0,0,2,2,2,0,16384,0,16384}
Who can help me? Thank you!
Hi, I found some problems, but I don't know how to solve them properly (I'm not really familiar with the source code).
When I use ioctl() and use a structure like this:
struct drm_mode_card_res {
    __u64 fb_id_ptr;
    __u64 crtc_id_ptr;
    __u64 connector_id_ptr;
    __u64 encoder_id_ptr;
    __u32 count_fbs;
    ....
};
And in syscall_types.h:
STRUCT(drm_mode_card_res,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_PTRVOID,
    TYPE_INT,
    ...
)
Some code:
...
if (res.count_fbs) {
    res.fb_id_ptr = VOID2U64(drmMalloc(res.count_fbs*sizeof(uint32_t)));
    if (!res.fb_id_ptr)
        goto err_allocs;
}
...
This is the strace output:
openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
9469 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x0,0x0,0,0,0,0,0,0,0,0}) = 0 ({0x0,0x0,0x0,0x0,0,2,2,2,0,16384,0,16384})
9469 brk(NULL) = 0x40006000
9469 brk(0x40027000) = 0x40027000
9469 brk(0x40028000) = 0x40028000
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
9469 brk(0x40027000) = 0x40027000
Look at this line:
9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
Why does a memory overrun (errno=14, "Bad address") occur here? Note that 1073832368 is 0x400061a0, i.e. a pointer value shows up where a count is expected, which suggests the field layout used for the translation does not match the kernel's struct (the __u64 fields are declared as TYPE_PTRVOID).
I think the correct second call would be:
{0x0,0x400061a0,1073832368(0x400061a0),0x400061c0,0,2,2,2,0,16384,0,16384}
Who can help me? Thank you!