www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Dan Carpenter <dan.carpenter@linaro.org>
	Fri, 15 Nov 2024 14:50:08 +0000 (17:50 +0300)
committer	Rob Clark <robdclark@chromium.org>
	Fri, 3 Jan 2025 15:20:27 +0000 (07:20 -0800)
commit	3a47f4b439beb98e955d501c609dfd12b7836d61
tree	d6dc9def5a1814047544ee6faf6d427eaf7873c6	tree
parent	7a637e5e27a68fd52327a80136d5d0184c43888f	commit \| diff

drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()

The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32
values that come from the user via the submit_lookup_cmds() function.
This addition could lead to an integer wrapping bug so use size_add()
to prevent that.

Fixes: 198725337ef1 ("drm/msm: fix cmdstream size check")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/624696/
Signed-off-by: Rob Clark <robdclark@chromium.org>