From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.126]) by gabe.freedesktop.org (Postfix) with ESMTPS id 0021510E306 for ; Tue, 17 Oct 2023 15:10:03 +0000 (UTC) From: Marcin Bernatowicz To: igt-dev@lists.freedesktop.org Date: Tue, 17 Oct 2023 14:36:54 +0000 Message-ID: <20231017143654.617723-1-marcin.bernatowicz@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [igt-dev] [PATCH i-g-t] lib/intel_blt.c: ensure uint64_t result of multiplication List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: igt-dev-bounces@lists.freedesktop.org Sender: "igt-dev" List-ID: Additionally check for overflow. This should allow to exercise large buffers ex. xe_exercise_blt -W 16384 -H 16384 Signed-off-by: Marcin Bernatowicz --- lib/intel_blt.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/intel_blt.c b/lib/intel_blt.c index a76c7a404..f46c85e91 100644 --- a/lib/intel_blt.c +++ b/lib/intel_blt.c @@ -1607,12 +1607,18 @@ blt_create_object(const struct blt_copy_data *blt, uint32_t region, bool create_mapping) { struct blt_copy_object *obj; - uint64_t size = width * height * bpp / 8; uint32_t stride = tiling == T_LINEAR ? width * 4 : width; uint32_t handle; + uint64_t size; igt_assert_f(blt->driver, "Driver isn't set, have you called blt_copy_init()?\n"); + igt_assert_f((UINT64_MAX / 8) >= width && + (UINT64_MAX / width) >= height && + (UINT64_MAX / (width * height)) >= bpp, "Overflow detected!\n"); + + size = (uint64_t)width * height * bpp / 8; + obj = calloc(1, sizeof(*obj)); obj->size = size; -- 2.42.0