drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1

The type of size is unsigned int, if size is 0x40000000, there will be an integer overflow, size will be zero after size *= sizeof(uint32_t), will cause uninitialized memory to be referenced later. Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: hackyzh002 <hackyzh002@gmail.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
deepin-community · Apr 21, 2023 · 87c2213 · 87c2213
1 parent f828b68
commit 87c2213
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -195,7 +195,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p,
 	uint64_t *chunk_array_user;
 	uint64_t *chunk_array;
 	uint32_t uf_offset = 0;
-	unsigned int size;
+	size_t size;
 	int ret;
 	int i;