On Wed, Feb 04, 2026 at 02:56:38PM +0000, Alexander Konyukhov wrote:
> Thank you for the replies.
>
> According to ISO 9899 6.3.1 both operands are first converted to a common
> type (u32), there are no defined limits of kfb->afbc_size and fb->offsets[0],
> so min_size can have an overflowed u32 value.
>
Ack, my bad - thanks for the refresher on the promotion rules. I think
afbc_size is indirectly constrained, but offsets[0] may not be.

-Brian
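
The wrap discussed in this thread, as an added example that is not part of the thread or of the driver's source. It assumes the two u32 values are added to form min_size and that the result is compared against a 64-bit buffer size; the function names, the comparison and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;

/*
 * Hypothetical size check. Both operands are u32, so their common type is
 * u32 and the sum is reduced modulo 2^32 before the comparison happens.
 */
static bool size_ok_wrapping(u32 afbc_size, u32 offset0, uint64_t obj_size)
{
	u32 min_size = afbc_size + offset0;	/* may wrap */

	return min_size <= obj_size;
}

/* Hardened form: widen one operand first so the addition is done in 64 bits. */
static bool size_ok_checked(u32 afbc_size, u32 offset0, uint64_t obj_size)
{
	uint64_t min_size = (uint64_t)afbc_size + offset0;

	return min_size <= obj_size;
}

int main(void)
{
	/* Constructed values: a bounded payload size, an unbounded offset. */
	u32 afbc_size = 0x00100000u;
	u32 offset0 = 0xfff00010u;
	uint64_t obj_size = 0x00200000u;

	/* The u32 sum wraps to 0x10, so the undersized buffer is accepted. */
	printf("wrapping check accepts: %d\n",
	       size_ok_wrapping(afbc_size, offset0, obj_size));
	/* The 64-bit sum is 0x100000010, so the buffer is rejected. */
	printf("checked  check accepts: %d\n",
	       size_ok_checked(afbc_size, offset0, obj_size));
	return 0;
}
```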
