Hi,
thank you for this patch. Murray McAllister reported this one a couple
of months ago, and this is already in our queue.
Sinclair
On Fri, Mar 24, 2017 at 04:37:10PM +0100, Vladis Dronov wrote:
> In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a
> user-controlled value which
In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a
user-controlled value which is not checked for zero. It is used in
a call to kmalloc() which returns ZERO_SIZE_PTR. Later ZERO_SIZE_PTR
is dereferenced which leads to a GPF and possibly to a kernel panic.
Add the check for zero to a