> Hi, I got the crash reason:
> ioctl( fd, EVIOCGBIT(0, EV_MAX), evbit ) ==> the second arg for
> EVIOCGBIT macro is bad here, which should be "sizeof(evbit)". This might
> cause memory overflow (the returned "31" bytes copied into actual 4 bytes
> array). But I am confused why the issue is not detected on i386. Anyway,
This looks like a good catch. I guess the i386 driver isn't writing beyond the end of the bits or the order of memory use on the stack is different enough to avoid this being a problem.
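The length mismatch discussed in this thread can be made visible by decoding the size field of the ioctl request number. The following is an added example, not part of the original messages and not DirectFB code; the helper names (`declared_len`, `overdeclares`, `get_event_bits`) and the sizing of `evbit` are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/input.h>

#define BITS_PER_LONG (sizeof(unsigned long) * 8)
#define NLONGS(nbits) (((nbits) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Buffer length in bytes that the request number declares to the kernel. */
static size_t declared_len(unsigned long request)
{
    return _IOC_SIZE(request);
}

/* Returns 1 when the request declares more bytes than the buffer holds. */
static int overdeclares(unsigned long request, size_t buflen)
{
    return declared_len(request) > buflen;
}

/* Hardened query (hypothetical helper): the declared length is always
 * the real size of the caller's buffer, never a bit count. */
static int get_event_bits(int fd, unsigned int ev, unsigned long *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0 || buflen >= (1u << _IOC_SIZEBITS)) {
        errno = EINVAL;
        return -1;
    }
    memset(buf, 0, buflen);
    return ioctl(fd, EVIOCGBIT(ev, buflen), buf);
}

int main(void)
{
    /* Assumed sizing: enough longs to hold EV_MAX + 1 bits (one long). */
    unsigned long evbit[NLONGS(EV_MAX + 1)];

    printf("buffer holds %zu bytes\n", sizeof(evbit));
    printf("EVIOCGBIT(0, EV_MAX) declares %zu bytes, too large: %d\n",
           declared_len(EVIOCGBIT(0, EV_MAX)),
           overdeclares(EVIOCGBIT(0, EV_MAX), sizeof(evbit)));
    printf("EVIOCGBIT(0, sizeof(evbit)) declares %zu bytes, too large: %d\n",
           declared_len(EVIOCGBIT(0, sizeof(evbit))),
           overdeclares(EVIOCGBIT(0, sizeof(evbit)), sizeof(evbit)));
    if (get_event_bits(-1, 0, evbit, sizeof(evbit)) < 0) /* constructed: no device */
        perror("get_event_bits");
    return 0;
}
```

`EV_MAX` is a bit index (0x1f), so passing it as the length declares 31 bytes regardless of how large `evbit` actually is.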
