Hi,

I have tried to extract the intel_engine_cmd_parser into a user-space binary and run libFuzzer on it. It found two ways to cause undefined behavior. I am not completely sure if the same issues can be triggered in the driver, or if something would prevent them from happening. Still, I thought it was worth sharing here.

Michal Srb (2):
  drm/i915/cmdparser: Check reg_table_count before derefencing.
  drm/i915/cmdparser: Do not check bits past the cmd length.

 drivers/gpu/drm/i915/i915_cmd_parser.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

-- 
2.13.6