[PATCH 3/4] drm: fix unsigned vs signed comparison issue in modeset ctl ioctl, CVE-2011-1013
paolo.pisati at canonical.com
paolo.pisati at canonical.com
Mon Jul 4 10:03:33 UTC 2011
From: Dave Airlie <airlied at redhat.com>
BugLink: http://bugs.launchpad.net/bugs/804229
CVE-2011-1013
commit 1922756124ddd53846877416d92ba4a802bc658f upstream.
This fixes CVE-2011-1013.
Reported-by: Matthiew Herrb (OpenBSD X.org team)
Signed-off-by: Dave Airlie <airlied at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
---
drivers/gpu/drm/drm_irq.c | 3 ++-
include/drm/drmP.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
index f298434..a60bf9f 100644
--- a/drivers/gpu/drm/drm_irq.c
+++ b/drivers/gpu/drm/drm_irq.c
@@ -513,7 +513,8 @@ int drm_modeset_ctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_modeset_ctl *modeset = data;
- int crtc, ret = 0;
+ int ret = 0;
+ unsigned int crtc;
/* If drm_vblank_init() hasn't been called yet, just no-op */
if (!dev->num_crtcs)
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
index 4637dce..c012b01 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -989,7 +989,7 @@ struct drm_device {
struct pci_controller *hose;
#endif
struct drm_sg_mem *sg; /**< Scatter gather memory */
- int num_crtcs; /**< Number of CRTCs on this device */
+ unsigned int num_crtcs; /**< Number of CRTCs on this device */
void *dev_private; /**< device private data */
void *mm_private;
struct address_space *dev_mapping;
--
1.7.4.1
More information about the kernel-team
mailing list