On Fri, Mar 6, 2020 at 1:55 PM Linus Torvalds torvalds@linux-foundation.org wrote:
On Fri, Mar 6, 2020 at 4:38 AM Daniel Vetter daniel@ffwll.ch wrote:
Linus, since this missed the -fixes pull from Dave maybe double check I'm not grossly wrong here and apply directly?
Hmm. I don't have the original email, mind just sending it to me (with the proper added sign-off chain)?
I'll stuff it into a pull and throw that your way, that's simplest. btw we did add dri-devel to lore a while back, so should be there:
Message-ID: 20200304022429.37738-1-zhangxiaoxu5@huawei.com https://lore.kernel.org/dri-devel/20200304022429.37738-1-zhangxiaoxu5@huawei...
It does strike me that there's nothing that seems to check for overflow in the "(width << 1) * height" calculation. Hmm?
Indeed I failed to hunt for that :-/ But I think we're good, in vc_do_resize() we have
if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW) return -EINVAL;
And they're both (1<<15)-1 so I think should be good enough even on 32bit - I quickly checked and we're short of UINT_MAX:
$ echo $(((((1<<15)-1) << 1)*((1<<15)-1))) 2147352578
Cheers, Daniel