On Fri, 03 Nov 2023 14:58:22 +0100, Takashi Iwai wrote: > > On Thu, 02 Nov 2023 20:03:10 +0100, > Philipp Stanner wrote: > > > > wavefront_fx.c utilizes memdup_user() to copy a userspace array. This > > does not check for an overflow. > > There is a check above the memdup_user() call; it's at most 512 > bytes. > > > Use the new wrapper memdup_array_user() to copy the array more safely. > > > > Suggested-by: Dave Airlie <airlied@xxxxxxxxxx> > > Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx> > > Although the check is already present, it's still better to use the > new helper, so I applied the patch now. ... and the helper is available only on Linus tree for now, so I postpone after 6.7-rc1 release, so that we can have a solid base. Takashi