Skip to main content

Browse the archive

https://github.com/torvalds/linux
23 October 2021, 00:29:24 UTC
Revision a5cd335165e31db9dbab636fd29895d41da55dd2 authored by Xi Wang on 23 November 2011, 06:12:01 UTC, committed by Dave Airlie on 23 November 2011, 08:59:28 UTC 
drm: integer overflow in drm_mode_dirtyfb_ioctl()
 
There is a potential integer overflow in drm_mode_dirtyfb_ioctl()
if userspace passes in a large num_clips.  The call to kmalloc would
allocate a small buffer, and the call to fb->funcs->dirty may result
in a memory corruption.

Reported-by: Haogang Chen <haogangchen@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
1 parent c916874
History
Tip revision: a5cd335165e31db9dbab636fd29895d41da55dd2 authored by Xi Wang on 23 November 2011, 06:12:01 UTC
drm: integer overflow in drm_mode_dirtyfb_ioctl()
Tip revision: a5cd335
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.gitignore -rw-r--r-- 1014 bytes
.mailmap -rw-r--r-- 4.1 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 92.6 KB
Kbuild -rw-r--r-- 2.5 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 201.3 KB
Makefile -rw-r--r-- 52.2 KB
README -rw-r--r-- 17.0 KB
REPORTING-BUGS -rw-r--r-- 3.3 KB

README

back to top