linux_old1/drivers/gpu/drm/savage
Xi Wang 6587eb8261 drm/savage: fix integer overflows in savage_bci_cmdbuf()
Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value
would overflow the allocation size, leading to out-of-bounds access.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-04-10 10:22:51 +01:00
..
Makefile drm: reorganise drm tree to be more future proof. 2008-07-14 10:45:01 +10:00
savage_bci.c savage: remove unnecessary if statement 2011-06-14 09:29:12 +10:00
savage_drv.c drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
savage_drv.h drm: reorganise drm tree to be more future proof. 2008-07-14 10:45:01 +10:00
savage_state.c drm/savage: fix integer overflows in savage_bci_cmdbuf() 2012-04-10 10:22:51 +01:00