Commit 87c2213e authored by hackyzh002, committed by Alex Deucher

drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1

The type of size is unsigned int. If size is 0x40000000, there will
be an integer overflow: size will be zero after size *= sizeof(uint32_t),
which will cause uninitialized memory to be referenced later.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: hackyzh002 <hackyzh002@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
parent f828b681
......@@ -195,7 +195,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p,
uint64_t *chunk_array_user;
uint64_t *chunk_array;
uint32_t uf_offset = 0;
unsigned int size;
size_t size;
int ret;
int i;
......
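Review bot: At the `size` declaration, widening from `unsigned int` to `size_t` only removes the wrap on builds where `size_t` is 64 bits; where `size_t` is 32 bits, the `size *= sizeof(uint32_t)` described in the commit message still becomes zero for 0x40000000. The multiplication and the allocation that consumes it are outside this hunk, so I cannot tell whether the user-supplied length is bounded beforehand. Consider making the fix independent of word size by rejecting oversized lengths before the multiply, or by using an overflow-checked helper such as `check_mul_overflow()` or `array_size()` (or `kvmalloc_array()` for the allocation) and returning an error on overflow. A short comment at the declaration saying why `size` must be `size_t` would also help keep the type from being narrowed again later.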