Hi Zhenyu,
Quoting Zhenyu Wang :
On 2017.12.09 00:37:59 -0600, Gustavo A. R. Silva wrote:
In case function skl_format_to_drm returns -EINVAL, fmt turns into a huge
number as fmt is of type u32, hence there is an out-of-bounds read when
using fmt as an index for array skl_pixel_formats at line
On 2017.12.09 00:37:59 -0600, Gustavo A. R. Silva wrote:
> In case function skl_format_to_drm returns -EINVAL, fmt turns into a huge
> number as fmt is of type u32, hence there is an out-of-bounds read when
> using fmt as an index for array skl_pixel_formats at line 225:
> plane->bpp = skl_pixel_fo
In case function skl_format_to_drm returns -EINVAL, fmt turns into a huge
number as fmt is of type u32, hence there is an out-of-bounds read when
using fmt as an index for array skl_pixel_formats at line 225:
plane->bpp = skl_pixel_formats[fmt].bpp;
Fix this by comparing the value returned by func
3 matches
Mail list logo
