3 Nov 2023, 3:04 p.m.
On Fri, 03 Nov 2023 14:58:22 +0100, Takashi Iwai wrote:
On Thu, 02 Nov 2023 20:03:10 +0100, Philipp Stanner wrote:
wavefront_fx.c utilizes memdup_user() to copy a userspace array. This does not check for an overflow.
There is a check above the memdup_user() call; it's at most 512 bytes.
Use the new wrapper memdup_array_user() to copy the array more safely.
Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Although the check is already present, it's still better to use the new helper, so I applied the patch now.
... and the helper is available only in Linus' tree for now, so I'll postpone it until after the 6.7-rc1 release, so that we can have a solid base.
Takashi
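
An added userspace illustration of the point discussed in this thread, not code from the patch or from the kernel tree: an open-coded `count * size` can wrap to a small value, while an array helper that checks the multiplication refuses the copy. The function names are hypothetical, `memcpy()` stands in for `copy_from_user()`, and the GCC/Clang builtin `__builtin_mul_overflow()` stands in for the kernel's overflow check.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in for memdup_user(): memcpy() replaces copy_from_user(). */
static void *model_memdup(const void *src, size_t nbytes, int *err)
{
    void *p = malloc(nbytes ? nbytes : 1);
    if (!p) {
        *err = -ENOMEM;
        return NULL;
    }
    memcpy(p, src, nbytes);
    *err = 0;
    return p;
}

/* Open-coded pattern: the caller multiplies and the product can wrap. */
static size_t unchecked_nbytes(size_t n, size_t size)
{
    return n * size;
}

/* Array variant: refuse the copy when n * size does not fit in size_t. */
static void *model_memdup_array(const void *src, size_t n, size_t size, int *err)
{
    size_t nbytes;
    if (__builtin_mul_overflow(n, size, &nbytes)) {
        *err = -EOVERFLOW;
        return NULL;
    }
    return model_memdup(src, nbytes, err);
}

int main(void)
{
    short data[4] = { 1, 2, 3, 4 };      /* constructed sample input */
    size_t huge = SIZE_MAX / 2 + 2;      /* constructed oversized element count */
    int err;
    void *p = model_memdup_array(data, 4, sizeof(data[0]), &err);
    printf("4 elements: %s (err=%d)\n", p ? "copied" : "rejected", err);
    free(p);
    printf("open-coded size for huge count: %zu bytes\n", unchecked_nbytes(huge, 2));
    p = model_memdup_array(data, huge, 2, &err);
    printf("huge count: %s (err=%d)\n", p ? "copied" : "rejected", err);
    return 0;
}
```

With a prior bound on the element count, as mentioned in the thread, the wrapped case cannot be reached; the checked helper keeps the copy safe even if such a bound is later changed or removed.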