You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a suspected integer overflow bug in the _sde_debugfs_conn_cmd_tx_write method in drivers/gpu/drm/msm/sde/sde_connector.c. When the 3rd argument `count' is set to size_t-1, the addition of 1 in kmalloc (line 1548) will result in a wrap around zero because of an integer overflow. kmalloc will return ZERO_SIZE_PTR. The subsequent check which only considers NULL pointer (line 1549) will be bypassed.
The text was updated successfully, but these errors were encountered:
There is a suspected integer overflow bug in the _sde_debugfs_conn_cmd_tx_write method in drivers/gpu/drm/msm/sde/sde_connector.c. When the 3rd argument `count' is set to size_t-1, the addition of 1 in kmalloc (line 1548) will result in a wrap around zero because of an integer overflow. kmalloc will return ZERO_SIZE_PTR. The subsequent check which only considers NULL pointer (line 1549) will be bypassed.
The text was updated successfully, but these errors were encountered: