int nbox = cmd->num_cliprects;
int i = 0, count, ret;
- if (cmd->sz & 0x3) {
- DRM_ERROR("alignment\n");
+ if (cmd->sz <= 0 || (cmd->sz & 0x3) != 0) {
+ DRM_ERROR("negative value or incorrect alignment\n");
return -EINVAL;
}
DRM_DEBUG("i915 batchbuffer, start %x used %d cliprects %d\n",
batch->start, batch->used, batch->num_cliprects);
+ if (batch->num_cliprects < 0)
+ return -EINVAL;
+
LOCK_TEST_WITH_RETURN(dev, file_priv);
if (batch->num_cliprects && DRM_VERIFYAREA_READ(batch->cliprects,
DRM_DEBUG("i915 cmdbuffer, buf %p sz %d cliprects %d\n",
cmdbuf->buf, cmdbuf->sz, cmdbuf->num_cliprects);
+ if (cmdbuf->num_cliprects < 0)
+ return -EINVAL;
+
LOCK_TEST_WITH_RETURN(dev, file_priv);
if (cmdbuf->num_cliprects &&
dev_priv->new_memmap = sp->value;
break;
case RADEON_SETPARAM_PCIGART_TABLE_SIZE:
+ if (sp->value < 0)
+ return -EINVAL;
dev_priv->gart_info.table_size = sp->value;
if (dev_priv->gart_info.table_size < RADEON_PCIGART_TABLE_SIZE)
dev_priv->gart_info.table_size = RADEON_PCIGART_TABLE_SIZE;
projects / openbsd / commitdiff