Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • L linux-coresight-backports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 0
    • Issues 0
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • linux-arm
  • linux-coresight-backports
  • Repository
  • linux-coresight-backports
  • drivers
  • video
  • fbdev
  • uvesafb.c
Find file BlameHistoryPermalink
  • Kees Cook's avatar
    video: uvesafb: Fix integer overflow in allocation · 9f645bcc
    Kees Cook authored May 11, 2018
    
    
    cmap->len can get close to INT_MAX/2, allowing for an integer overflow in
    allocation. This uses kmalloc_array() instead to catch the condition.
    
    Reported-by: default avatarDr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
    Fixes: 8bdb3a2d
    
     ("uvesafb: the driver core")
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    9f645bcc