Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

drm: fix unsigned vs signed comparison issue in modeset ctl ioctl.

This fixes CVE-2011-1013.

Reported-by: Matthiew Herrb (OpenBSD X.org team)
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie 14 years ago
parent
3c0556e967
commit
1922756124
2 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 2 1
      drivers/gpu/drm/drm_irq.c
  2. 1 1
      include/drm/drmP.h

+ 2 - 1
drivers/gpu/drm/drm_irq.c
View File 

@@ -1012,7 +1012,8 @@ int drm_modeset_ctl(struct drm_device *dev, void *data,
 
 		    struct drm_file *file_priv)
 
 {
 
 	struct drm_modeset_ctl *modeset = data;
 
-	int crtc, ret = 0;
 
+	int ret = 0;
 
+	unsigned int crtc;
 
 
 	/* If drm_vblank_init() hasn't been called yet, just no-op */
 
 	if (!dev->num_crtcs)

+ 1 - 1
include/drm/drmP.h
View File 

@@ -1101,7 +1101,7 @@ struct drm_device {
 
 	struct platform_device *platformdev; /**< Platform device struture */
 
 
 	struct drm_sg_mem *sg;	/**< Scatter gather memory */
 
-	int num_crtcs;                  /**< Number of CRTCs on this device */
 
+	unsigned int num_crtcs;                  /**< Number of CRTCs on this device */
 
 	void *dev_private;		/**< device private data */
 
 	void *mm_private;
 
 	struct address_space *dev_mapping;