lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87zfa94vra.fsf@ocarina.mail-host-address-is-not-set>
Date: Thu, 02 Oct 2025 09:18:17 +0200
From: Javier Martinez Canillas <javierm@...hat.com>
To: Thomas Zimmermann <tzimmermann@...e.de>, Bhanu Seshu Kumar Valluri
 <bhanuseshukumar@...il.com>, Maarten Lankhorst
 <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>,
 David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 linux-kernel-mentees@...ts.linuxfoundation.org, skhan@...uxfoundation.org,
 david.hunter.linux@...il.com, khalid@...nel.org
Subject: Re: [PATCH] drm/ssd130x: Use kmalloc_array to prevent overflow of
 dynamic size calculation

Thomas Zimmermann <tzimmermann@...e.de> writes:

Hello Bhanu and Thomas,

> Hi
>
> Am 02.10.25 um 03:33 schrieb Bhanu Seshu Kumar Valluri:
>> Use kmalloc_array to avoid potential overflow during dynamic size calculation
>> inside kmalloc.
>>
>> Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@...il.com>
>> ---

The same patch was posted by another developer a couple of weeks ago
and is now queued already in the drm-misc-next branch:

https://cgit.freedesktop.org/drm/drm-misc/commit/?id=940dd88c5f5bdb1f3e19873a856a677ebada63a9

>>   Note:
>>   Patch compiled successfully.
>>   No functionality change is intended.
>>
>>   drivers/gpu/drm/solomon/ssd130x.c | 6 +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/solomon/ssd130x.c b/drivers/gpu/drm/solomon/ssd130x.c
>> index eec43d1a5595..8368f0ffbe1e 100644
>> --- a/drivers/gpu/drm/solomon/ssd130x.c
>> +++ b/drivers/gpu/drm/solomon/ssd130x.c
>> @@ -1498,7 +1498,7 @@ static int ssd130x_crtc_atomic_check(struct drm_crtc *crtc,
>>   	if (ret)
>>   		return ret;
>>   
>> -	ssd130x_state->data_array = kmalloc(ssd130x->width * pages, GFP_KERNEL);
>> +	ssd130x_state->data_array = kmalloc_array(ssd130x->width, pages, GFP_KERNEL);
>
> The first parameter is the number of elements. The second parameter is 
> the size of an individual element. So the arguments should be swapped. 
> Same for the other changes.
>
> I know it's nitpicking, but who knows what it'll be good for. Fun fact 
> is that even kmalloc_array mixes up both parameters internally.
>

You are right. I didn't notice this subtlety when reviewing mentioned
patch that pushed to drm-misc-next.

> Best regards
> Thomas
>
>

-- 
Best regards,

Javier Martinez Canillas
Core Platforms
Red Hat


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ