subject:"\[PATCH\] drm\/savage\: fix integer overflows in savage_bci_cmdbuf\(\)"

[PATCH] drm/savage: fix integer overflows in savage_bci_cmdbuf()

2012-04-06 Thread Xi Wang

Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value would overflow the allocation size, leading to out-of-bounds access. Signed-off-by: Xi Wang --- drivers/gpu/drm/savage/savage_state.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/dr

[PATCH] drm/savage: fix integer overflows in savage_bci_cmdbuf()

2012-04-06 Thread Xi Wang

Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value would overflow the allocation size, leading to out-of-bounds access. Signed-off-by: Xi Wang --- drivers/gpu/drm/savage/savage_state.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/dr