There is a suspected integer overflow in the sde_evtlog_filter_write method in drivers/gpu/drm/msm/sde_dbg.c. When the 3rd argument `count` is set to size_t-1, the addition of 1 in kzalloc (line 3006) will wrap around to zero because of an integer overflow. kzalloc will return ZERO_SIZE_PTR. The subsequent check, which only considers a NULL pointer (line 3007), will be bypassed.
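The failure mode in the report, modelled in userspace as an added example (not code from the driver or from the issue author). `model_kzalloc`, `model_kfree`, `null_check_bypassed`, `checked_alloc` and the `FILTER_MAX_LEN` bound are hypothetical; the `ZERO_SIZE_PTR` macros mirror the kernel's `include/linux/slab.h`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel macros in include/linux/slab.h. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)
#define FILTER_MAX_LEN 4096 /* assumed bound, not taken from the driver */

/* Model of kzalloc(): a zero-byte request yields ZERO_SIZE_PTR, not NULL. */
static void *model_kzalloc(size_t size)
{
    if (size == 0)
        return ZERO_SIZE_PTR;
    if (size > (1u << 20)) /* model: oversized requests fail with NULL */
        return NULL;
    return calloc(1, size);
}

static void model_kfree(void *p)
{
    if (!ZERO_OR_NULL_PTR(p))
        free(p);
}

/* Reported pattern: count + 1 wraps to 0 and a NULL-only check passes.
 * Returns 1 when a non-NULL but unusable pointer got past that check. */
static int null_check_bypassed(size_t count)
{
    void *buf = model_kzalloc(count + 1);
    int bypassed = (buf != NULL) && ZERO_OR_NULL_PTR(buf);
    model_kfree(buf);
    return bypassed;
}

/* Hardened: bound count before the addition, reject ZERO_SIZE_PTR too. */
static int checked_alloc(size_t count, void **out)
{
    void *buf;
    if (count > FILTER_MAX_LEN)
        return -EINVAL;
    buf = model_kzalloc(count + 1);
    if (ZERO_OR_NULL_PTR(buf))
        return -ENOMEM;
    *out = buf;
    return 0;
}
```

Bounding `count` before the addition removes the wrap entirely; the `ZERO_OR_NULL_PTR` test is a second layer for any path where a zero-size request can still reach the allocator.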