Red Hat Bugzilla – Bug 434806
xenfb can crash when probe fails
Last modified: 2008-07-21 12:43:52 EDT
Description of problem:
xenfb_probe() dereferences null info->fb_info when register_framebuffer() fails.
register_framebuffer() fails when FB_MAX framebuffers are already registered. I
doubt this can happen, because the device is compiled in and thus probes fairly
When the bug bites, the driver dereferences a null pointer during cleanup from
the failed probe.
See bug 434802 for a proposed fix.
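The failure mode described above, as an added example: a simplified userspace model of a probe whose registration step fails and whose shared cleanup must tolerate a null `fb_info`. This is not the xenfb driver's code and not the fix proposed in bug 434802. The names `dev_info`, `model_register`, `model_remove`, `model_probe` and `live_allocs`, and the value given to `FB_MAX`, are assumptions made for the model.

```c
#include <errno.h>
#include <stdlib.h>
#define FB_MAX 32   /* assumed value for the model: size of the registration table */

struct fb_info { int node; };
struct dev_info { struct fb_info *fb_info; };   /* hypothetical per-device state */

static struct fb_info *registered_fb[FB_MAX];
static int live_allocs;                          /* leak check for the model */

/* Model of register_framebuffer(): fails when all FB_MAX slots are in use. */
static int model_register(struct fb_info *fb)
{
    for (int i = 0; i < FB_MAX; i++)
        if (!registered_fb[i]) { registered_fb[i] = fb; fb->node = i; return 0; }
    return -ENXIO;
}

/* Cleanup shared by device removal and the failed-probe path. It has to
 * accept every partially initialised state that probe can leave behind. */
static void model_remove(struct dev_info *info)
{
    if (!info->fb_info)          /* the guard: without it, the next line */
        return;                  /* dereferences NULL after a failed probe */
    registered_fb[info->fb_info->node] = NULL;
    free(info->fb_info);
    live_allocs--;
    info->fb_info = NULL;
}

static int model_probe(struct dev_info *info)
{
    struct fb_info *fb = calloc(1, sizeof(*fb));
    int ret;
    info->fb_info = NULL;
    if (!fb)
        return -ENOMEM;
    live_allocs++;
    ret = model_register(fb);
    if (ret) {                   /* registration failed: release fb here, */
        free(fb);                /* leave info->fb_info NULL, then run    */
        live_allocs--;           /* the common cleanup                    */
        model_remove(info);
        return ret;
    }
    info->fb_info = fb;          /* published only after success */
    return 0;
}
```

Filling all `FB_MAX` slots and probing once more exercises the error path: the probe returns an error, nothing leaks, and the cleanup returns without touching the null pointer.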
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
The proposed fix from bug 434802 has been committed as a fix for bug 434800.
Turning this one into a duplicate of 434800 to keep things simple and sane.
*** This bug has been marked as a duplicate of 434800 ***