| Message ID | 1398692422-14849-1-git-send-email-leo.liu@amd.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Am 28.04.2014 15:40, schrieb Leo Liu: > Signed-off-by: Leo Liu <leo.liu@amd.com> > Cc:stable@vger.kernel.org There should be a space between the "CC:" and "stable@vger.kernel.org" > --- > drivers/gpu/drm/radeon/radeon_uvd.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/gpu/drm/radeon/radeon_uvd.c b/drivers/gpu/drm/radeon/radeon_uvd.c > index 5748bda..0f96c47 100644 > --- a/drivers/gpu/drm/radeon/radeon_uvd.c > +++ b/drivers/gpu/drm/radeon/radeon_uvd.c > @@ -465,6 +465,10 @@ static int radeon_uvd_cs_reloc(struct radeon_cs_parser *p, > cmd = radeon_get_ib_value(p, p->idx) >> 1; > > if (cmd < 0x4) { > + if (end <= start) { > + DRM_ERROR("invalid reloc offset %X!\n", offset); > + return -EINVAL; > + } No idea where that came from (mail client or your editor), but checkpatch.pl complained that those new lines ended with DOS line endings. Anyway I've fixed those minor problems and applied it to my 3.15 queue. Thanks, Christian. > if ((end - start) < buf_sizes[cmd]) { > DRM_ERROR("buffer (%d) to small (%d / %d)!\n", cmd, > (unsigned)(end - start), buf_sizes[cmd]);
diff --git a/drivers/gpu/drm/radeon/radeon_uvd.c b/drivers/gpu/drm/radeon/radeon_uvd.c index 5748bda..0f96c47 100644 --- a/drivers/gpu/drm/radeon/radeon_uvd.c +++ b/drivers/gpu/drm/radeon/radeon_uvd.c @@ -465,6 +465,10 @@ static int radeon_uvd_cs_reloc(struct radeon_cs_parser *p, cmd = radeon_get_ib_value(p, p->idx) >> 1; if (cmd < 0x4) { + if (end <= start) { + DRM_ERROR("invalid reloc offset %X!\n", offset); + return -EINVAL; + } if ((end - start) < buf_sizes[cmd]) { DRM_ERROR("buffer (%d) to small (%d / %d)!\n", cmd, (unsigned)(end - start), buf_sizes[cmd]);
Signed-off-by: Leo Liu <leo.liu@amd.com> Cc:stable@vger.kernel.org --- drivers/gpu/drm/radeon/radeon_uvd.c | 4 ++++ 1 file changed, 4 insertions(+)