Re: [PATCH v3 2/2] drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1

2023-04-28 Thread whitehat002 whitehat002
Alex, I have a question: why don't I see it on https://patchwork.freedesktop.org/? Alex Deucher wrote on Thu, Apr 27, 2023 at 20:40: > > As per my prior reply, it has been applied. > > Thanks, > > Alex > > On Thu, Apr 27, 2023 at 8:39 AM whitehat002 whitehat002 > wrot

Re: [PATCH v3 2/2] drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1

2023-04-28 Thread whitehat002 whitehat002
Hello, what is the current status of this patch, has it been applied? hackyzh002 wrote on Wed, Apr 19, 2023 at 20:23: > > The type of size is unsigned int, if size is 0x4000, there will > be an integer overflow, size will be zero after size *= sizeof(uint32_t), > will cause uninitialized memory to be refer

Re: [PATCH V3 1/2] drm/radeon: Fix integer overflow in radeon_cs_parser_init

2023-04-27 Thread whitehat002 whitehat002
Hello, what is the current status of this patch, has it been applied? Alex Deucher wrote on Wed, Apr 19, 2023 at 21:49: > Applied. Thanks! > > Alex > > On Wed, Apr 19, 2023 at 8:24 AM Christian König > wrote: > > > > On 19.04.23 at 14:20, hackyzh002 wrote: > > > The type of size is unsigned, if size is 0x

Integer overflow leads to uninitialization vulnerability in amdgpu_cs_parser_init

2023-04-18 Thread whitehat002 whitehat002
Hello, I am going to file a security bug. VULNERABILITY DETAILS ioctl$AMDGPU_CS will call amdgpu_cs_ioctl which will call amdgpu_cs_parser_init. The type of size is unsigned (4 bytes)[1]. And size is assigned from p->chunks[i].length_dw[2] which is assigned from user_chunk.length_dw[3], which typ

Re: Integer overflow leads to uninitialization vulnerability in amdgpu_cs_parser_init

2023-04-18 Thread whitehat002 whitehat002
Sorry, I found that the latest code function has become amdgpu_cs_pass1, and radeon_cs_parser_init has the same problem. And I will send the patch. whitehat002 whitehat002 wrote on Tue, Apr 18, 2023 at 11:39: > Hello, > > I am going to file a security bug. > > VULNERABILITY DETAILS > >