[PATCH 1/2] drm/i915: fix integer overflow in i915_gem_execbuffer2()
chris at chris-wilson.co.uk
Fri Apr 6 06:36:40 PDT 2012

On Fri, 6 Apr 2012 08:58:18 -0400, Xi Wang <xi.wang at gmail.com> wrote:
> A large args->buffer_count from userspace may overflow the allocation
> size, leading to out-of-bounds access.
> Use kmalloc_array() to avoid that.

I can safely say that an exec list larger than 4GiB is going to be an
illegal operation and would rather the ioctl failed outright with
Chris Wilson, Intel Open Source Technology Centre
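
The overflow named in the quoted patch description, as an added userspace example that is not part of the original thread or of the i915 driver. The names `exec_entry`, `unchecked_size32` and `alloc_array_checked` are hypothetical, the 56-byte entry is a constructed stand-in, and a 32-bit `size_t` is modelled with an explicit `limit` argument so the result is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for one per-buffer exec entry (56 bytes). */
struct exec_entry {
    uint64_t fields[7];
};

/* Size computation with no overflow check, as a 32-bit size_t would
 * carry it out: the product is silently reduced modulo 2^32. */
static uint32_t unchecked_size32(uint32_t count)
{
    return (uint32_t)((uint64_t)sizeof(struct exec_entry) * count);
}

/* Array allocation that refuses a count whose byte size cannot be
 * represented. This is the style of guard kmalloc_array() applies;
 * 'limit' stands in for the largest size_t value on the target. */
static void *alloc_array_checked(size_t n, size_t size, size_t limit)
{
    if (size != 0 && n > limit / size)
        return NULL;            /* n * size would wrap: fail the request */
    return malloc(n * size);
}

int main(void)
{
    /* Constructed count: the smallest value whose byte size exceeds 2^32 - 1. */
    uint32_t count = 76695845u;

    /* 56 * 76695845 = 2^32 + 24, so the unchecked size wraps to 24 bytes:
     * less than one entry, while later code would index 'count' entries. */
    printf("unchecked size for %u entries: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_size32(count));

    void *bad = alloc_array_checked(count, sizeof(struct exec_entry), UINT32_MAX);
    printf("checked allocation of %u entries: %s\n",
           (unsigned)count, bad ? "allocated" : "refused");
    free(bad);

    void *ok = alloc_array_checked(16, sizeof(struct exec_entry), UINT32_MAX);
    printf("checked allocation of 16 entries: %s\n", ok ? "allocated" : "refused");
    free(ok);
    return 0;
}
```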