On Mon, 23 Apr 2012 04:06:42 -0400, Xi Wang <[email protected]> wrote: > On 32-bit systems, a large args->num_cliprects from userspace via ioctl > may overflow the allocation size, leading to out-of-bounds access. > > This vulnerability was introduced in commit 432e58ed ("drm/i915: Avoid > allocation for execbuffer object list"). > > Signed-off-by: Xi Wang <[email protected]> > Cc: Chris Wilson <[email protected]> > Cc: [email protected] Reviewed-by: Chris Wilson <[email protected]> -Chris
-- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
