3 Nov
2023
3 Nov
'23
2:58 p.m.
On Thu, 02 Nov 2023 20:03:10 +0100, Philipp Stanner wrote:
wavefront_fx.c utilizes memdup_user() to copy a userspace array. This does not check for an overflow.
There is a check above the memdup_user() call; it's at most 512 bytes.
Use the new wrapper memdup_array_user() to copy the array more safely.
Suggested-by: Dave Airlie airlied@redhat.com Signed-off-by: Philipp Stanner pstanner@redhat.com
Although the check is already present, it's still better to use the new helper, so I applied the patch now.
thanks,
Takashi