Skip to content
Commit 6587eb82 authored by Xi Wang's avatar Xi Wang Committed by Dave Airlie
Browse files

drm/savage: fix integer overflows in savage_bci_cmdbuf() 



Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value
would overflow the allocation size, leading to out-of-bounds access.

Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
parent 4de833c3
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment