lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bfc90c7a-4ade-4bf0-88e3-86697e664e35@suse.de>
Date: Thu, 2 Oct 2025 08:44:50 +0200
From: Thomas Zimmermann <tzimmermann@...e.de>
To: Bhanu Seshu Kumar Valluri <bhanuseshukumar@...il.com>,
 avier Martinez Canillas <javierm@...hat.com>,
 Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
 Maxime Ripard <mripard@...nel.org>, David Airlie <airlied@...il.com>,
 Simona Vetter <simona@...ll.ch>
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 linux-kernel-mentees@...ts.linuxfoundation.org, skhan@...uxfoundation.org,
 david.hunter.linux@...il.com, khalid@...nel.org
Subject: Re: [PATCH] drm/ssd130x: Use kmalloc_array to prevent overflow of
 dynamic size calculation

Hi

Am 02.10.25 um 03:33 schrieb Bhanu Seshu Kumar Valluri:
> Use kmalloc_array to avoid potential overflow during dynamic size calculation
> inside kmalloc.
>
> Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@...il.com>
> ---
>   Note:
>   Patch compiled successfully.
>   No functionality change is intended.
>
>   drivers/gpu/drm/solomon/ssd130x.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/solomon/ssd130x.c b/drivers/gpu/drm/solomon/ssd130x.c
> index eec43d1a5595..8368f0ffbe1e 100644
> --- a/drivers/gpu/drm/solomon/ssd130x.c
> +++ b/drivers/gpu/drm/solomon/ssd130x.c
> @@ -1498,7 +1498,7 @@ static int ssd130x_crtc_atomic_check(struct drm_crtc *crtc,
>   	if (ret)
>   		return ret;
>   
> -	ssd130x_state->data_array = kmalloc(ssd130x->width * pages, GFP_KERNEL);
> +	ssd130x_state->data_array = kmalloc_array(ssd130x->width, pages, GFP_KERNEL);

The first parameter is the number of elements. The second parameter is 
the size of an individual element. So the arguments should be swapped. 
Same for the other changes.

I know it's nitpicking, but who knows what it'll be good for. Fun fact 
is that even kmalloc_array mixes up both parameters internally.

Best regards
Thomas


>   	if (!ssd130x_state->data_array)
>   		return -ENOMEM;
>   
> @@ -1519,7 +1519,7 @@ static int ssd132x_crtc_atomic_check(struct drm_crtc *crtc,
>   	if (ret)
>   		return ret;
>   
> -	ssd130x_state->data_array = kmalloc(columns * ssd130x->height, GFP_KERNEL);
> +	ssd130x_state->data_array = kmalloc_array(columns, ssd130x->height, GFP_KERNEL);
>   	if (!ssd130x_state->data_array)
>   		return -ENOMEM;
>   
> @@ -1546,7 +1546,7 @@ static int ssd133x_crtc_atomic_check(struct drm_crtc *crtc,
>   
>   	pitch = drm_format_info_min_pitch(fi, 0, ssd130x->width);
>   
> -	ssd130x_state->data_array = kmalloc(pitch * ssd130x->height, GFP_KERNEL);
> +	ssd130x_state->data_array = kmalloc_array(pitch, ssd130x->height, GFP_KERNEL);
>   	if (!ssd130x_state->data_array)
>   		return -ENOMEM;
>   

-- 
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
HRB 36809 (AG Nuernberg)



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ