drm/radeon: check incoming cliprects pointer

author Kees Cook <keescook@chromium.org>

Mon, 13 May 2013 05:00:51 +0000 (22:00 -0700)

committer Dave Airlie <airlied@redhat.com>

Mon, 13 May 2013 05:23:34 +0000 (15:23 +1000)
author Kees Cook <keescook@chromium.org>
Mon, 13 May 2013 05:00:51 +0000 (22:00 -0700)
committer Dave Airlie <airlied@redhat.com>
Mon, 13 May 2013 05:23:34 +0000 (15:23 +1000)
diff --git a/drivers/gpu/drm/radeon/r300_cmdbuf.c b/drivers/gpu/drm/radeon/r300_cmdbuf.c

index 865e2c9980dbd5b2245a40ed23cdbb19af1044d5..60170ea5e3a228c0483c18f0fd1652b30ec7760b 100644 (file)
--- a/drivers/gpu/drm/radeon/r300_cmdbuf.c
+++ b/drivers/gpu/drm/radeon/r300_cmdbuf.c
@@ -75,7 +75,7 @@ static int r300_emit_cliprects(drm_radeon_private_t *dev_priv,
                 OUT_RING(CP_PACKET0(R300_RE_CLIPRECT_TL_0, nr * 2 - 1));
  
                 for (i = 0; i < nr; ++i) {
-                       if (DRM_COPY_FROM_USER_UNCHECKED
+                       if (DRM_COPY_FROM_USER
                             (&box, &cmdbuf->boxes[n + i], sizeof(box))) {
                                 DRM_ERROR("copy cliprect faulted\n");
                                 return -EFAULT;
author	Kees Cook <keescook@chromium.org>
	Mon, 13 May 2013 05:00:51 +0000 (22:00 -0700)
committer	Dave Airlie <airlied@redhat.com>
	Mon, 13 May 2013 05:23:34 +0000 (15:23 +1000)