[lvc-project] [PATCH] drm/komeda: fix integer overflow in AFBC framebuffer size check
Brian Starkey
brian.starkey at arm.com
Wed Feb 4 19:20:07 MSK 2026
On Wed, Feb 04, 2026 at 02:56:38PM +0000, Alexander Konyukhov wrote:
> Thank you for the replies.
>
> According to ISO 9899 6.3.1 both operands are first converted to a common type (u32), there are no defined limits of kfb->afbc_size and fb->offsets[0], so min_size can have an overflowed u32 value.
>
Ack, my bad - thanks for the refresher on the promotion rules.
I think afbc_size is indirectly constrained, but offsets[0] may not
be.
-Brian
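
The wraparound discussed in this thread, shown as an added example that is not part of the original messages or of the komeda driver. The function names, the `obj_size` parameter and the sample values are assumptions made for illustration; only `afbc_size`, `offsets[0]` and `min_size` come from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form: both operands are 32-bit unsigned, so the sum is
 * computed modulo 2^32 before it is compared with the buffer size. */
bool size_ok_unchecked(uint32_t afbc_size, uint32_t offset0, uint64_t obj_size)
{
    uint32_t min_size = afbc_size + offset0;    /* may wrap */
    return min_size <= obj_size;
}

/* Checked form: reject the framebuffer when the 32-bit addition wraps.
 * __builtin_add_overflow is the GCC/Clang builtin; kernel code would
 * normally use check_add_overflow() from <linux/overflow.h>. */
bool size_ok_checked(uint32_t afbc_size, uint32_t offset0, uint64_t obj_size)
{
    uint32_t min_size;

    if (__builtin_add_overflow(afbc_size, offset0, &min_size))
        return false;
    return min_size <= obj_size;
}

int main(void)
{
    /* Constructed values: a 2 MiB payload at an offset just below 4 GiB,
     * checked against a 4 MiB backing object (assumed). */
    uint32_t afbc_size = 0x00200000u;
    uint32_t offset0   = 0xFFF00000u;
    uint64_t obj_size  = 0x00400000u;

    printf("wrapped min_size = 0x%08x\n", (unsigned)(afbc_size + offset0));
    printf("unchecked accepts: %d\n",
           size_ok_unchecked(afbc_size, offset0, obj_size));
    printf("checked accepts:   %d\n",
           size_ok_checked(afbc_size, offset0, obj_size));
    return 0;
}
```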