blob: dccc8aa483e835591672edf5632a6db53899cdb9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description: video: uvesafb: Fix integer overflow in allocation
References:
Notes:
bwh> I don't think this is a real issue. The multiplicands are a
bwh> constant 4 of type size_t and a variable of type int which was
bwh> already range-checked to be no <= INT_MAX/2. The latter
bwh> will be promoted to size_t (i.e. unsigned int or unsigned long)
bwh> and the result will be <= 2*INT_MAX which is representable by
bwh> either of those types.
Bugs:
upstream: released (4.18-rc1) [9f645bcc566a1e9f921bdae7528a01ced5bc3713]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.111) [7673ca3c93414faf90fa2a3c339f1f625415fecb]
3.16-upstream-stable: released (3.16.58) [video-uvesafb-fix-integer-overflow-in-allocation.patch]
sid: released (4.17.6-1)
4.9-stretch-security: released (4.9.130-1)
3.16-jessie-security: released (3.16.59-1)
|