git.openpandora.org
/
pandora-kernel.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4de833c
)
drm/savage: fix integer overflows in savage_bci_cmdbuf()
author
Xi Wang
<xi.wang@gmail.com>
Fri, 6 Apr 2012 21:38:24 +0000
(17:38 -0400)
committer
Dave Airlie
<airlied@redhat.com>
Tue, 10 Apr 2012 09:22:51 +0000
(10:22 +0100)
Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value
would overflow the allocation size, leading to out-of-bounds access.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
No differences found
git.openpandora.org / pandora-kernel.git / commitdiff