From patchwork Thu Aug 9 09:01:07 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Bader X-Patchwork-Id: 176031 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 2DC8B2C0081 for ; Thu, 9 Aug 2012 19:01:41 +1000 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1SzOcW-0006mX-JY; Thu, 09 Aug 2012 09:01:32 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1SzOc8-0006Zq-VC for kernel-team@lists.ubuntu.com; Thu, 09 Aug 2012 09:01:08 +0000 Received: from p5b2e349a.dip.t-dialin.net ([91.46.52.154] helo=canonical.com) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1SzOc8-0006Nj-8q; Thu, 09 Aug 2012 09:01:08 +0000 From: Stefan Bader To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Subject: [2.6.32+drm33-longterm] Linux 2.6.32.59+drm33.26 Date: Thu, 9 Aug 2012 11:01:07 +0200 Message-Id: <1344502867-10186-1-git-send-email-stefan.bader@canonical.com> X-Mailer: git-send-email 1.7.9.5 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com I am announcing the release of the 2.6.32.59+drm33.26 longterm tree. This tree is based on 2.6.32 and generally has all of the stable updates applied. Except those to the DRM subsystem, which was based on 2.6.33 and took updates from that upstream stable as long as that existed. It will continue to add patches to the DRM subsystem as long as they are valid according to the stable update rules (Documentation/stable_kernel_rules.txt). DRM patches for this tree should be sent to kernel-team@lists.ubuntu.com. This release updates the DRM subsystem only. The updated 2.6.32.y-drm33.z tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/smb/linux-2.6.32.y-drm33.z.git or git://kernel.ubuntu.com/smb/linux-2.6.32.y-drm33.z.git and can be browsed through git web via: http://git.kernel.org/?p=linux/kernel/git/smb/linux-2.6.32.y-drm33.z.git;a=summary or http://kernel.ubuntu.com/git?p=smb/linux-2.6.32.y-drm33.z.git;a=summary -Stefan ------ * drm: integer overflow in drm_mode_dirtyfb_ioctl() * Linux 2.6.32.59+drm33.26 Makefile | 2 +- drivers/gpu/drm/drm_crtc.c | 4 ++++ include/drm/drm_mode.h | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 7667dad..a9c82a4 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 32 -EXTRAVERSION = .59+drm33.25 +EXTRAVERSION = .59+drm33.26 NAME = Man-Eating Seals of Antiquity # *DOCUMENTATION* diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c index 81ba0e6..ec9e97e 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c @@ -1832,6 +1832,10 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, } if (num_clips && clips_ptr) { + if (num_clips < 0 || num_clips > DRM_MODE_FB_DIRTY_MAX_CLIPS) { + ret = -EINVAL; + goto out_err1; + } clips = kzalloc(num_clips * sizeof(*clips), GFP_KERNEL); if (!clips) { ret = -ENOMEM; diff --git a/include/drm/drm_mode.h b/include/drm/drm_mode.h index c5ba163..9cf639c 100644 --- a/include/drm/drm_mode.h +++ b/include/drm/drm_mode.h @@ -232,6 +232,8 @@ struct drm_mode_fb_cmd { #define DRM_MODE_FB_DIRTY_ANNOTATE_FILL 0x02 #define DRM_MODE_FB_DIRTY_FLAGS 0x03 +#define DRM_MODE_FB_DIRTY_MAX_CLIPS 256 + /* * Mark a region of a framebuffer as dirty. *