Re: [PATCH] drm/vmwgfx: Check check that number of mip levels is above zero in vmw_surface_define_ioctl()

Hi, thank you for this patch. Murray McAllister reported this one a couple of months ago, and this is already in our queue. Sinclair On Fri, Mar 24, 2017 at 04:37:10PM +0100, Vladis Dronov wrote: > In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a > user-controlled value which

Re: [PATCH] drm/vmwgfx: Check check that number of mip levels is above zero in vmw_surface_define_ioctl()

Hi, thank you for this patch. Murray McAllister reported this one a couple of months ago, and this is already in our queue. Sinclair On Fri, Mar 24, 2017 at 04:37:10PM +0100, Vladis Dronov wrote: > In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a > user-controlled value which

[PATCH] drm/vmwgfx: Check check that number of mip levels is above zero in vmw_surface_define_ioctl()

In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a user-controlled value which is not checked for zero. It is used in a call to kmalloc() which returns ZERO_SIZE_PTR. Later ZERO_SIZE_PTR is dereferenced which leads to a GPF and possibly to a kernel panic. Add the check for zero to

[PATCH] drm/vmwgfx: Check check that number of mip levels is above zero in vmw_surface_define_ioctl()

In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a user-controlled value which is not checked for zero. It is used in a call to kmalloc() which returns ZERO_SIZE_PTR. Later ZERO_SIZE_PTR is dereferenced which leads to a GPF and possibly to a kernel panic. Add the check for zero to