Re: [PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-15 Thread Eugene Teo
Cc'ed Dave's work email. On Wed, Nov 23, 2011 at 2:12 PM, Xi Wang wrote: > There is a potential integer overflow in drm_mode_dirtyfb_ioctl() > if userspace passes in a large num_clips.  The call to kmalloc would > allocate a small buffer, and the call to fb->funcs->dirty may result > in a memory

[PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-14 Thread Eugene Teo
Cc'ed Dave's work email. On Wed, Nov 23, 2011 at 2:12 PM, Xi Wang wrote: > There is a potential integer overflow in drm_mode_dirtyfb_ioctl() > if userspace passes in a large num_clips. The call to kmalloc would > allocate a small buffer, and the call to fb->funcs->dirty may result > in a memory

Re: [PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-14 Thread Greg KH
; > secur...@kernel.org, "Dave Airlie" > > Sent: Wednesday, 14 December, 2011 1:16:49 PM > > Subject: Re: [PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl() > > > > Cc'ed Dave's work email. > > This is already in Linus tree, went there a w

[PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-14 Thread Greg KH
nel.org, > > security at kernel.org, "Dave Airlie" > > Sent: Wednesday, 14 December, 2011 1:16:49 PM > > Subject: Re: [PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl() > > > > Cc'ed Dave's work email. > > This is already in Linus tree, went

[PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-14 Thread David Airlie
- Original Message - > From: "Eugene Teo" > To: "Xi Wang" > Cc: "David Airlie" , dri-devel at lists.freedesktop.org, > linux-kernel at vger.kernel.org, > security at kernel.org, "Dave Airlie" > Sent: Wednesday, 14 December, 20

Re: [PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-12-14 Thread David Airlie
- Original Message - > From: "Eugene Teo" > To: "Xi Wang" > Cc: "David Airlie" , dri-devel@lists.freedesktop.org, > linux-ker...@vger.kernel.org, > secur...@kernel.org, "Dave Airlie" > Sent: Wednesday, 14 December, 2011

[PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-11-23 Thread Xi Wang
There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if userspace passes in a large num_clips. The call to kmalloc would allocate a small buffer, and the call to fb->funcs->dirty may result in a memory corruption. Reported-by: Haogang Chen Signed-off-by: Xi Wang --- drivers/gpu/dr

[PATCH] drm: integer overflow in drm_mode_dirtyfb_ioctl()

2011-11-22 Thread Xi Wang
There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if userspace passes in a large num_clips. The call to kmalloc would allocate a small buffer, and the call to fb->funcs->dirty may result in a memory corruption. Reported-by: Haogang Chen Signed-off-by: Xi Wang --- drivers/gpu/dr