Ramfs and NULL pointer

Robert Jarzmik robert.jarzmik at free.fr
Tue Nov 20 15:50:56 EST 2012


Robert Jarzmik <robert.jarzmik at free.fr> writes:

> diff --git a/commands/splash.c b/commands/splash.c
> index 65dd530..b0830fb 100644
> --- a/commands/splash.c
> +++ b/commands/splash.c
> @@ -49,6 +49,8 @@ static int do_splash(int argc, char *argv[])
>  	}
>  	image_file = argv[optind];
>  
> +	memset(&sc, 0, sizeof(sc));
> +	memset(&s, 0, sizeof(s));
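Review bot: the memset(&s, 0, sizeof(s)) on the last added line runs after the option parsing (image_file = argv[optind]) and after s.x, s.y and s.width have already been set to -1 at the top of do_splash(), so it wipes those defaults and any parsed geometry instead of initializing them; it belongs before the s.x = -1 assignment.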
This last memset is actually misplaced; it should be much further up in the function.
So the correct patch would be:

----8>----
From ea8d7e02533bea9908d8a56ef6b59483f65a3530 Mon Sep 17 00:00:00 2001
From: Robert Jarzmik <robert.jarzmik at free.fr>
Date: Tue, 20 Nov 2012 21:33:49 +0100
Subject: [PATCH] splash: fix splash breakage

Commit 3fa8d74a introduced structures screen and surface.
Unfortunately, these structures are allocated on the stack,
and not initialized.

As a consequence, sc->offscreen might contain a random
value, which is used later for memcpy operations, corrupting
memory.

Fix it by initializing the structures.

Signed-off-by: Robert Jarzmik <robert.jarzmik at free.fr>
---
 commands/splash.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/commands/splash.c b/commands/splash.c
index 65dd530..370c3a2 100644
--- a/commands/splash.c
+++ b/commands/splash.c
@@ -19,6 +19,7 @@ static int do_splash(int argc, char *argv[])
 	u32 bg_color = 0x00000000;
 	bool do_bg = false;
 
+	memset(&s, 0, sizeof(s));
 	s.x = -1;
 	s.y = -1;
 	s.width = -1;
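Review bot: with memset(&s, 0, sizeof(s)) immediately followed by s.x = -1, s.y = -1 and s.width = -1, the zeroing and the defaults are spread over four statements; initializing at the declaration instead, e.g. struct surface s = { .x = -1, .y = -1, .width = -1 };, leaves no field undefined whatever is added to the function later and makes the memset unnecessary.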
@@ -49,6 +50,7 @@ static int do_splash(int argc, char *argv[])
 	}
 	image_file = argv[optind];
 
+	memset(&sc, 0, sizeof(sc));
 	fd = fb_open(fbdev, &sc, offscreen);
 	if (fd < 0) {
 		perror("fd_open");
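Review bot: zeroing sc right before fb_open(fbdev, &sc, offscreen) makes the fix depend on fb_open() leaving sc.offscreen as NULL when no offscreen buffer is requested; it would be more robust for fb_open() to assign sc->offscreen explicitly in both cases, so every caller is covered rather than only this one. Separately, the context line perror("fd_open") names the wrong function; perror("fb_open") would match the call.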
-- 
1.7.10.4

-- 
Robert
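The failure mode the commit message describes (a stack-allocated struct whose pointer field is only conditionally filled in, so the caller later dereferences stack garbage) is easy to reproduce in miniature. The following is an added illustration, not barebox code: the struct names, fields and the model_fb_open() helper are assumptions chosen to mirror the description, not the project's real screen/surface definitions. It shows the two defensive pieces the patch relies on, zero-initialization tied to the declaration and a NULL check on the pointer before the memcpy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for the screen/surface structures the patch
 * talks about; field names are assumptions, not barebox's definitions. */
struct screen {
    uint8_t *fb;          /* framebuffer memory */
    uint8_t *offscreen;   /* optional back buffer, NULL when not in use */
    size_t size;          /* bytes available in either buffer */
};

struct surface {
    int x, y, width, height;
};

/* Model of an fb_open()-style function (assumed behaviour): it fills fb
 * and size but only touches offscreen when a back buffer was requested.
 * A caller that did not zero the struct therefore keeps whatever was on
 * the stack in sc->offscreen, which is the bug the commit message fixes. */
static int model_fb_open(struct screen *sc, uint8_t *fb, size_t size,
                         uint8_t *backbuf, int want_offscreen)
{
    sc->fb = fb;
    sc->size = size;
    if (want_offscreen)
        sc->offscreen = backbuf;
    return 0;
}

/* Defaults set at the declaration: no field can be left undefined by
 * later control flow, and no separate memset is needed. */
static struct surface surface_init(void)
{
    struct surface s = { .x = -1, .y = -1, .width = -1, .height = -1 };
    return s;
}

/* Copy pixels into the back buffer if one exists, else into the
 * framebuffer. Returns bytes written, or -EINVAL when there is no valid
 * target or the copy would exceed the buffer. */
static int blit(const struct screen *sc, const uint8_t *pixels, size_t len)
{
    uint8_t *target = sc->offscreen ? sc->offscreen : sc->fb;

    if (!target || len > sc->size)
        return -EINVAL;
    memcpy(target, pixels, len);
    return (int)len;
}

/* Runs the fixed pattern once; returns 1 when the pixels landed in the
 * expected buffer, 0 or -1 otherwise. Input data is constructed here. */
static int demo(int want_offscreen)
{
    static uint8_t fb[16], backbuf[16];
    static const uint8_t pixels[4] = { 1, 2, 3, 4 };
    struct screen sc = { 0 };          /* the fix: every field starts defined */
    struct surface s = surface_init();

    if (s.x != -1 || s.width != -1)
        return -1;
    memset(fb, 0, sizeof(fb));
    memset(backbuf, 0, sizeof(backbuf));
    model_fb_open(&sc, fb, sizeof(fb), backbuf, want_offscreen);
    if (blit(&sc, pixels, sizeof(pixels)) < 0)
        return -1;
    return want_offscreen ? (backbuf[3] == 4)
                          : (fb[3] == 4 && backbuf[3] == 0);
}

int main(void)
{
    printf("no offscreen: %d, offscreen: %d\n", demo(0), demo(1));
    return 0;
}
```

Without the `= { 0 }` (or a memset before model_fb_open()) the `sc.offscreen` read in blit() is undefined behaviour, which is why it cannot be shown deterministically here; running the unfixed variant under valgrind or with clang's `-fsanitize=memory` is the practical way to catch that class of bug before it turns into a corrupting memcpy.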
