[COMMON] g2d: fix out-of-bounds read
authorhyesoo.yu <hyesoo.yu@samsung.com>
Fri, 8 Sep 2017 05:29:16 +0000 (14:29 +0900)
committerSeungchul Kim <sc377.kim@samsung.com>
Mon, 28 May 2018 05:27:45 +0000 (14:27 +0900)
Overrunning array release_fences of 17 4-byte elements at
element index 4294967294 (byte offset 17179869176) using index

Change-Id: I18d984096c8975fb2afc38a2785baf8e5505ca4d
Signed-off-by: hyesoo.yu <hyesoo.yu@samsung.com>
drivers/gpu/exynos/g2d/g2d_fence.c

index d9f70e7ae79eb727a5bd0997ce521e54bb477360..5a7138b401b8bcf6cbbf2e289bc9048178dac652 100644 (file)
@@ -148,7 +148,7 @@ struct sync_file *g2d_create_release_fence(struct g2d_device *g2d_dev,
        struct dma_fence *fence;
        struct sync_file *file;
        s32 release_fences[G2D_MAX_IMAGES + 1];
-       unsigned int i;
+       int i;
        int ret = 0;
 
        if (!(task->flags & G2D_FLAG_NONBLOCK) || !data->num_release_fences)