[PATCH RFC 013/111] staging: etnaviv: fix ring buffer overflow check

Lucas Stach Thu, 2 Apr 2015 17:29:15 +0200

From: Russell King <rmk+ker...@arm.linux.org.uk>

The ring buffer offset is an index into an array of uint32_t, whereas
obj->base.size is measured in bytes.  Comparing these two is nonsense.
Convert the index into a byte offset first.


Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
---
 drivers/staging/etnaviv/etnaviv_buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/etnaviv/etnaviv_buffer.c 
b/drivers/staging/etnaviv/etnaviv_buffer.c
index 6afb9c702628..729387571537 100644
--- a/drivers/staging/etnaviv/etnaviv_buffer.c
+++ b/drivers/staging/etnaviv/etnaviv_buffer.c
@@ -30,7 +30,7 @@
 static inline void OUT(struct etnaviv_gem_object *buffer, uint32_t data)
 {
        u32 *vaddr = (u32 *)buffer->vaddr;
-       BUG_ON(buffer->offset >= buffer->base.size);
+       BUG_ON(buffer->offset * sizeof(*vaddr) >= buffer->base.size);

        vaddr[buffer->offset++] = data;
 }
-- 
2.1.4

[PATCH RFC 013/111] staging: etnaviv: fix ring buffer overflow check

Reply via email to