[PATCH 1/2] drm/i915: fix integer overflow in i915_gem_execbuffer2()

Chris Wilson chris at chris-wilson.co.uk
Fri Apr 6 06:36:40 PDT 2012

On Fri,  6 Apr 2012 08:58:18 -0400, Xi Wang <xi.wang at gmail.com> wrote:
> A large args->buffer_count from userspace may overflow the allocation
> size, leading to out-of-bounds access.
> Use kmalloc_array() to avoid that.

I can safely say that exec list larger than 4GiB is going to be an
illegal operation and would rather the ioctl failed outright with

Chris Wilson, Intel Open Source Technology Centre

More information about the dri-devel mailing list