diff options
| author | Harry Wentland <harry.wentland@amd.com> | 2026-05-05 11:52:15 -0400 |
|---|---|---|
| committer | Alex Deucher <alexander.deucher@amd.com> | 2026-06-03 14:44:36 -0400 |
| commit | da48bc4461b8a5ebfb9264c9b191a701d8e99009 (patch) | |
| tree | 5f3e6b1578962e05746b08a54a4a2ea2b63567e7 /scripts/objdiff | |
| parent | adf67034b1f61f7119295208085bfd43f85f56af (diff) | |
drm/amd/display: Use krealloc_array() in dal_vector_reserve()
[Why & How]
dal_vector_reserve() computes the allocation size as
"capacity * vector->struct_size" using uint32_t arithmetic, which can
silently wrap to a small value on overflow. This would cause krealloc to
return a smaller buffer than expected, leading to heap overflows on
subsequent vector appends.
Replace krealloc() with krealloc_array() which performs an internal
overflow check and returns NULL on wrap, preventing the issue.
Fixes: 2004f45ef83f ("drm/amd/display: Use kernel alloc/free")
Assisted-by: Copilot:claude-opus-4.6
Reviewed-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Ray Wu <ray.wu@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)
Cc: stable@vger.kernel.org
Diffstat (limited to 'scripts/objdiff')
0 files changed, 0 insertions, 0 deletions