On Mon, 23 Apr 2012 04:06:42 -0400, Xi Wang <[email protected]> wrote: > On 32-bit systems, a large args->num_cliprects from userspace via ioctl > may overflow the allocation size, leading to out-of-bounds access. > > This vulnerability was introduced in commit 432e58ed ("drm/i915: Avoid > allocation for execbuffer object list"). > > Signed-off-by: Xi Wang <[email protected]> > Cc: Chris Wilson <[email protected]> > Cc: [email protected] Reviewed-by: Chris Wilson <[email protected]> -Chris
-- Chris Wilson, Intel Open Source Technology Centre _______________________________________________ Intel-gfx mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/intel-gfx
