[PATCH RFC 013/111] staging: etnaviv: fix ring buffer overflow check
Lucas Stach
l.stach at pengutronix.de
Thu Apr 2 08:29:15 PDT 2015
From: Russell King <rmk+kernel at arm.linux.org.uk>
The ring buffer offset is an index into an array of uint32_t, whereas
obj->base.size is measured in bytes. Comparing these two is nonsense.
Convert the index into a byte offset first.
Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
---
drivers/staging/etnaviv/etnaviv_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/etnaviv/etnaviv_buffer.c b/drivers/staging/etnaviv/etnaviv_buffer.c
index 6afb9c702628..729387571537 100644
--- a/drivers/staging/etnaviv/etnaviv_buffer.c
+++ b/drivers/staging/etnaviv/etnaviv_buffer.c
@@ -30,7 +30,7 @@
static inline void OUT(struct etnaviv_gem_object *buffer, uint32_t data)
{
u32 *vaddr = (u32 *)buffer->vaddr;
- BUG_ON(buffer->offset >= buffer->base.size);
+ BUG_ON(buffer->offset * sizeof(*vaddr) >= buffer->base.size);
vaddr[buffer->offset++] = data;
}
--
2.1.4
More information about the dri-devel
mailing list