integer overflow in sde_dbg of perseus-p-oss #1001
There is a suspected integer overflow in the sde_evtlog_filter_write method in drivers/gpu/drm/msm/sde_dbg.c. When the 3rd argument `count` is set to size_t-1, the addition of 1 in kzalloc (line 3006) will result in a wrap around to zero because of an integer overflow. kzalloc will return ZERO_SIZE_PTR. The subsequent check, which only considers a NULL pointer (line 3007), will be bypassed.
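The pattern this report describes, modeled in user space as an added example (not code from sde_dbg.c or from the reporter): a NULL-only check after allocating `count + 1` bytes, next to a version that bounds `count` first and rejects ZERO_SIZE_PTR. `model_kzalloc`, `MAX_FILTER_LEN`, the function names and the result codes are assumptions made for the illustration; `ZERO_SIZE_PTR` and `ZERO_OR_NULL_PTR` mirror the kernel's definitions in include/linux/slab.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins for the kernel allocator (constructed for this example). */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)
#define MAX_FILTER_LEN 64 /* hypothetical upper bound on the write size */

enum { R_OK = 0, R_BYPASSED = 1, R_ENOMEM = -12, R_EINVAL = -22 };

static void *model_kzalloc(size_t size)
{
    return size ? calloc(1, size) : ZERO_SIZE_PTR;
}

/* Pattern from the report: size is count + 1 and only NULL is checked. */
static int alloc_null_check_only(size_t count)
{
    void *buf = model_kzalloc(count + 1); /* wraps to 0 when count == SIZE_MAX */

    if (!buf)
        return R_ENOMEM;
    if (buf == ZERO_SIZE_PTR)
        return R_BYPASSED; /* NULL check passed, but nothing was allocated */
    free(buf);
    return R_OK;
}

/* Hardened: bound count before the addition, then reject NULL and ZERO_SIZE_PTR. */
static int alloc_hardened(size_t count)
{
    void *buf;

    if (count > MAX_FILTER_LEN)
        return R_EINVAL;
    buf = model_kzalloc(count + 1);
    if (ZERO_OR_NULL_PTR(buf))
        return R_ENOMEM;
    free(buf);
    return R_OK;
}

int main(void)
{
    printf("null-only: %d, hardened: %d\n",
           alloc_null_check_only(SIZE_MAX), alloc_hardened(SIZE_MAX));
    return 0;
}
```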