Hello,

What is the current status of this patch? Has it been applied?

hackyzh002 <hackyzh002@xxxxxxxxx> wrote on Wed, Apr 19, 2023 at 20:23:
>
> The type of size is unsigned int, if size is 0x40000000, there will
> be an integer overflow, size will be zero after size *= sizeof(uint32_t),
> will cause uninitialized memory to be referenced later.
>
> Signed-off-by: hackyzh002 <hackyzh002@xxxxxxxxx>
> --- > drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > index 08eced097..89bcacc65 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c > @@ -192,7 +192,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, > uint64_t *chunk_array_user; > uint64_t *chunk_array; > uint32_t uf_offset = 0; > - unsigned int size; > + size_t size; > int ret; > int i; > > -- > 2.34.1 >
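Review bot: In the declaration changed in amdgpu_cs_pass1(), widening size to size_t only prevents the wrap described in the commit message where size_t is 64 bits wide. On a 32-bit build size_t is still 32 bits, so 0x40000000 * sizeof(uint32_t) wraps to zero exactly as before. The multiplication itself, size *= sizeof(uint32_t), is outside the visible hunk, so the fix depends on a type change several lines away from the arithmetic it protects. Consider making the check explicit at the multiplication instead: either reject a user-supplied length above a defined maximum before scaling it, or use the kernel's overflow helpers from linux/overflow.h (check_mul_overflow() or array_size()) and return an error on overflow. That keeps the behaviour identical on 32-bit and 64-bit builds and documents the intent at the point of use. The commit message would also benefit from naming the user-controlled field that supplies the value.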