The type of size is unsigned. If size is 0x4000, there will be an
integer overflow: size will be zero after size *= sizeof(uint32_t),
which will cause uninitialized memory to be referenced later.
Signed-off-by: hackyzh002
---
drivers/gpu/drm/radeon/radeon_cs.c | 4 ++--
1 file changed, 2 insertions
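
The wraparound described in the commit message, as an added example that is not part of the original patch or the radeon driver. It assumes `unsigned` is 32 bits wide (modelled with `uint32_t`); the function names and sample counts are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form: a 32-bit element count scaled to bytes in the same
 * 32-bit variable. The product is computed in size_t and then truncated
 * back to 32 bits, so large counts wrap modulo 2^32. */
static uint32_t bytes_wrapping(uint32_t count)
{
    uint32_t size = count;
    size *= sizeof(uint32_t);
    return size;
}

/* Checked form: refuse any count whose byte size does not fit in 32 bits. */
static bool bytes_checked_u32(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / sizeof(uint32_t))
        return false;
    *out = count * (uint32_t)sizeof(uint32_t);
    return true;
}

/* Widened form: do the arithmetic in 64 bits so the product cannot wrap. */
static uint64_t bytes_wide(uint32_t count)
{
    return (uint64_t)count * sizeof(uint32_t);
}

int main(void)
{
    /* Constructed sample counts around the 32-bit wrap boundary. */
    const uint32_t samples[] = { 16u, 0x3fffffffu, 0x40000000u, 0x40000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t checked = 0;
        bool ok = bytes_checked_u32(samples[i], &checked);

        printf("count=0x%08x wrapping=0x%08x wide=0x%llx checked=%s\n",
               (unsigned)samples[i], (unsigned)bytes_wrapping(samples[i]),
               (unsigned long long)bytes_wide(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```
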
On 19.04.23 at 06:24, hackyzh002 wrote:
> The type of size is unsigned. If size is 0x4000, there will be an
> integer overflow: size will be zero after size *= sizeof(uint32_t),
> which will cause uninitialized memory to be referenced later.
Well good catch, but this is actually harmless.
Userspace ca