1. 02 Feb, 2017 20 commits
  2. 01 Feb, 2017 6 commits
  3. 31 Jan, 2017 13 commits
  4. 30 Jan, 2017 1 commit
    • Joonyoung Shim's avatar
      drm/exynos: g2d: prevent integer overflow in · e41456bf
      Joonyoung Shim authored
      The size computations done in the ioctl function use an integer.
      If userspace submits a request with req->cmd_nr or req->cmd_buf_nr
      set to INT_MAX, the integer computations overflow later, leading
      to potential (kernel) memory corruption.
      
      Prevent this issue by enforcing a limit on the number of submitted
      commands, so that we have enough headroom later for the size
      computations.
      
      Note that this change has no impact on the currently available
      users in userspace, like e.g. libdrm/exynos.
      
      While at it, also make a comment about the size computation more
      detailed.
      Signed-off-by: default avatarJoonyoung Shim <jy0922.shim@samsung.com>
      Signed-off-by: default avatarTobias Jakobi <tjakobi@math.uni-bielefeld.de>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      e41456bf