Re: [PATCH] drm/komeda: fix integer overflow in AFBC framebuffer size check

Next message: Marco Crivellari: "[PATCH v5 0/2] Add new workqueue wrapper and enqueue on cpu functions"
Previous message: Conor Dooley: "Re: [RFC] pinctrl: pinconf-generic: move ..dt_node_to_map_pinmux() to amlogic-am4 driver"
In reply to: Liviu Dudau: "Re: [PATCH] drm/komeda: fix integer overflow in AFBC framebuffer size check"
Next in thread: Liviu Dudau: "Re: [PATCH] drm/komeda: fix integer overflow in AFBC framebuffer size check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Brian Starkey

Date: Wed Feb 04 2026 - 11:22:55 EST

On Wed, Feb 04, 2026 at 02:56:38PM +0000, Alexander Konyukhov wrote:
> Thank you for the replies.
>
> According to ISO 9899 6.3.1 both operands are first converted to a common type (u32), there are no defined limits of kfb->afbc_size and fb->offsets[0] , so min_size can have an overflowed u32 value.
>

Ack, my bad - thanks for the refresher on the promotion rules.

I think afbc_size is indirectly constrained, but offsets[0] may not
be.

-Brian