if the bochs_dispi_read() function returns a value between 0x8000 and 0xFFFF, then an overflow may occurs.
Found by Security Code and Linux Verification Center (linuxtesting.org) Signed-off-by: Maxim Korotkov <[email protected]> --- drivers/gpu/drm/tiny/bochs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tiny/bochs.c b/drivers/gpu/drm/tiny/bochs.c index c23c9f0cf49c..ad31049f9779 100644 --- a/drivers/gpu/drm/tiny/bochs.c +++ b/drivers/gpu/drm/tiny/bochs.c @@ -240,7 +240,7 @@ static int bochs_hw_init(struct drm_device *dev) id = bochs_dispi_read(bochs, VBE_DISPI_INDEX_ID); mem = bochs_dispi_read(bochs, VBE_DISPI_INDEX_VIDEO_MEMORY_64K) - * 64 * 1024; + * mul_u32_u32(64, 1024); if ((id & 0xfff0) != VBE_DISPI_ID0) { DRM_ERROR("ID mismatch\n"); return -ENODEV; -- 2.34.1
