lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <zhbz7lxbl6zxmrulxve6tnoibm6vx26uuafvr2d5vg7gwwnlq6@w4niz5ei4qrx>
Date: Wed, 4 Feb 2026 16:20:07 +0000
From: Brian Starkey <brian.starkey@....com>
To: Alexander Konyukhov <Alexander.Konyukhov@...persky.com>
Cc: Liviu Dudau <liviu.dudau@....com>, 
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, 
	Thomas Zimmermann <tzimmermann@...e.de>, David Airlie <airlied@...il.com>, 
	Simona Vetter <simona@...ll.ch>, 
	"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, 
	"lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>, "nd@....com" <nd@....com>
Subject: Re: [PATCH] drm/komeda: fix integer overflow in AFBC framebuffer
 size check

On Wed, Feb 04, 2026 at 02:56:38PM +0000, Alexander Konyukhov wrote:
> Thank you for the replies.
> 
> According to ISO 9899 6.3.1 both operands are first converted to a common type (u32), there are no defined limits of kfb->afbc_size and fb->offsets[0] , so min_size can have an overflowed u32 value.
> 

Ack, my bad - thanks for the refresher on the promotion rules.

I think afbc_size is indirectly constrained, but offsets[0] may not
be.

-Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ