[patch 1/2] gpu: host1x: fix an integer overflow check
Thierry Reding
thierry.reding at gmail.com
Tue Aug 27 01:30:24 PDT 2013
On Fri, Aug 23, 2013 at 01:18:25PM +0300, Dan Carpenter wrote:
> Tegra is a 32 bit arch. On 32 bit systems then size_t is 32 bits so
> "total" will never be higher than UINT_MAX because of integer overflows.
> We need cast to u64 first before doing the math.
>
> Also the addition earlier:
>
> unsigned int num_unpins = num_cmdbufs + num_relocs;
>
> That can overflow as well, but I think it's still safe because we check
> both "num_cmdbufs" and "num_relocs" again in this test.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> ---
> This is something I spotted in code review. I can't actually compile
> this code. I assume this overflow test has security implications.
It did compile and looks good to me, so I've applied it.
Thanks,
Thierry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20130827/bf6a6e9c/attachment.pgp>
More information about the dri-devel
mailing list