| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jan 2019 13:20:20 +0100
From: Gerd Hoffmann <kraxel@...hat.com>
To: dri-devel@...ts.freedesktop.org
Cc: Gerd Hoffmann <kraxel@...hat.com>,
Dave Airlie <airlied@...hat.com>,
David Airlie <airlied@...ux.ie>,
Daniel Vetter <daniel@...ll.ch>,
virtualization@...ts.linux-foundation.org (open list:DRM DRIVER FOR QXL
VIRTUAL GPU),
spice-devel@...ts.freedesktop.org (open list:DRM DRIVER FOR QXL VIRTUAL
GPU), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH v3 23/23] drm/qxl: add overflow checks to qxl_mode_dumb_create()
Signed-off-by: Gerd Hoffmann <kraxel@...hat.com>
---
drivers/gpu/drm/qxl/qxl_dumb.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/qxl/qxl_dumb.c b/drivers/gpu/drm/qxl/qxl_dumb.c
index 272d19b677..bed6d06ee4 100644
--- a/drivers/gpu/drm/qxl/qxl_dumb.c
+++ b/drivers/gpu/drm/qxl/qxl_dumb.c
@@ -37,11 +37,13 @@ int qxl_mode_dumb_create(struct drm_file *file_priv,
uint32_t handle;
int r;
struct qxl_surface surf;
- uint32_t pitch, format;
+ uint32_t pitch, size, format;
- pitch = args->width * ((args->bpp + 1) / 8);
- args->size = pitch * args->height;
- args->size = ALIGN(args->size, PAGE_SIZE);
+ if (check_mul_overflow(args->width, ((args->bpp + 1) / 8), &pitch))
+ return -EINVAL;
+ if (check_mul_overflow(pitch, args->height, &size))
+ return -EINVAL;
+ args->size = ALIGN(size, PAGE_SIZE);
switch (args->bpp) {
case 16:
--
2.9.3
Powered by blists - more mailing lists