Quoting Dan Carpenter (2018-05-16 15:00:26)
> There is a comment here which says that DIV_ROUND_UP() and that's where
> the problem comes from.  Say you pick:
>
> 	args->bpp = UINT_MAX - 7;
> 	args->width = 4;
> 	args->height = 1;
>
> The integer overflow in DIV_ROUND_UP() means "cpp" is UINT_MAX / 8 and
> because of how we picked args->width that means cpp < UINT_MAX / 4.
>
> I've fixed it by preventing the integer overflow in DIV_ROUND_UP().  I
> removed the check for !cpp because it's not possible after this change.
> I also changed all the 0xffffffffU references to U32_MAX.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

I agree with Daniel that the !cpp check after DIV_ROUND_UP was sufficient
to guard the current code, but switching to a more idiomatic style of
overflow checking has its benefits too. Plus I like having U32_MAX to
compare the type ranges against.

Reviewed-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
-Chris
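
The two guard styles discussed in this thread, side by side, as an added example that is not part of the patch or of either message. The function names are hypothetical, the pre-check in `cpp_check_before()` is an assumed form of a range check rather than the patch's actual code, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Same shape as the kernel macro; n + d - 1 wraps for 32-bit unsigned operands. */
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Style A: divide first, then treat a zero quotient as invalid. */
static int cpp_check_after(uint32_t bpp, uint32_t *cpp)
{
    *cpp = DIV_ROUND_UP(bpp, 8u);
    return *cpp ? 0 : -1;
}

/* Style B (assumed form, not the patch's code): refuse any bpp for which
 * bpp + 7 would exceed UINT32_MAX, so the macro never sees a wrapping input. */
static int cpp_check_before(uint32_t bpp, uint32_t *cpp)
{
    if (bpp == 0 || bpp > UINT32_MAX - 7u)
        return -1;
    *cpp = DIV_ROUND_UP(bpp, 8u);
    return 0;
}

/* Count inputs in [lo, hi] where the two styles give different verdicts. */
static unsigned disagreements(uint32_t lo, uint32_t hi)
{
    unsigned n = 0;
    uint32_t a, b, bpp = lo;
    for (;;) {
        if (cpp_check_after(bpp, &a) != cpp_check_before(bpp, &b))
            n++;
        if (bpp == hi)      /* compare before incrementing so hi == UINT32_MAX terminates */
            break;
        bpp++;
    }
    return n;
}

int main(void)
{
    uint32_t cpp;
    int rc = cpp_check_after(UINT32_MAX - 7u, &cpp);  /* bpp value from the quoted message */
    printf("bpp=UINT32_MAX-7: rc=%d cpp=%#x\n", rc, (unsigned)cpp);
    rc = cpp_check_after(UINT32_MAX, &cpp);           /* constructed: top of the range */
    printf("bpp=UINT32_MAX:   rc=%d cpp=%#x\n", rc, (unsigned)cpp);
    printf("disagreements in top 64 values: %u\n", disagreements(UINT32_MAX - 63u, UINT32_MAX));
    return 0;
}
```
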