On Sun, 17 Jan 2010 19:41:20 +0100 Borislav Petkov <[email protected]> wrote: > drivers/gpu/drm/radeon/radeon_state.c:2145: > /home/boris/kernel/linux-2.6/arch/x86/include/asm/uaccess_32.h:212: > warning: call to ‘copy_from_user_overflow’ declared with attribute > warning: copy_from_user() buffer size is not provably correct LD > drivers/gpu/drm/radeon/radeon.o > > which is caused by the compile-time check in copy_from_user > introduced in 4a312769: > > if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes, > sarea_priv->nbox * > sizeof(depth_boxes[0])))
> > due to the sarea_priv->nbox being unknown at compile time, even though > the code clamps its value earlier in case it might cause an overflow: > > if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) > sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS; > gcc is not smart enough to prove that the clamp survives the multiplication without wrapping it seems. -- Arjan van de Ven Intel Open Source Technology Centre For development, discussion and tips for power savings, visit http://www.lesswatts.org ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev -- _______________________________________________ Dri-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dri-devel
