This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| IOAcceleratorFamily null-deref: | |
| This bug was made aware to me by this panic log: | |
| https://www.reddit.com/r/jailbreakdevelopers/comments/dfs5cn/ios_system_panic_kernel_data_abort_very_strange/ | |
| IOAccelShared2::create_shmem() is an external method that a userspace client can call to request a shared memory mapping that | |
| will be used by other external methods. This method verifies that the size of the requested shared memory is no greater | |
| than 0x10000000 bytes, then registers this mapping with a unique "id" and returns the value of IOAccelDeviceShmem::getClientData() | |
| along with the associated id back to userspace. However, this check is not always small enough to ensure that the memory can be |