69ef943dbc
Passing an object_count of sufficient size will make
object_count * 4 wrap around to be very small, then a later function
will happily iterate off the end of the object_ids array. Using
array_size() will saturate at SIZE_MAX, the kmalloc() will fail and
we'll return an -ENOMEM to the norty userspace.
Fixes:
|
||
---|---|---|
.. | ||
drm | ||
host1x | ||
ipu-v3 | ||
vga | ||
Makefile |