#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
unsigned i;
int r;
- list = calloc(number_of_resources, sizeof(struct drm_amdgpu_bo_list_entry));
+ if (!number_of_resources)
+ return -EINVAL;
- if (list == NULL)
+ /* overflow check for multiplication */
+ if (number_of_resources > UINT32_MAX / sizeof(struct drm_amdgpu_bo_list_entry))
+ return -EINVAL;
+
+ list = malloc(number_of_resources * sizeof(struct drm_amdgpu_bo_list_entry));
+ if (!list)
return -ENOMEM;
memset(&args, 0, sizeof(args));
r = drmCommandWriteRead(dev->fd, DRM_AMDGPU_BO_LIST,
&args, sizeof(args));
+ free(list);
if (r)
- goto out;
+ return r;
- *result = calloc(1, sizeof(struct amdgpu_bo_list));
+ *result = malloc(sizeof(struct amdgpu_bo_list));
(*result)->dev = dev;
(*result)->handle = args.out.list_handle;
-out:
- free(list);
- return r;
+ return 0;
}
int amdgpu_bo_list_destroy(amdgpu_bo_list_handle list)
unsigned i;
int r;
- list = calloc(number_of_resources, sizeof(struct drm_amdgpu_bo_list_entry));
+ if (!number_of_resources)
+ return -EINVAL;
+
+ /* overflow check for multiplication */
+ if (number_of_resources > UINT32_MAX / sizeof(struct drm_amdgpu_bo_list_entry))
+ return -EINVAL;
+
+ list = malloc(number_of_resources * sizeof(struct drm_amdgpu_bo_list_entry));
if (list == NULL)
return -ENOMEM;
- memset(&args, 0, sizeof(args));
args.in.operation = AMDGPU_BO_LIST_OP_UPDATE;
args.in.list_handle = handle->handle;
args.in.bo_number = number_of_resources;
sizeof(struct drm_amdgpu_cs_chunk) +
sizeof(struct drm_amdgpu_cs_chunk_data));
- chunk_array = calloc(1, size);
- if (NULL == chunk_array)
+ chunk_array = alloca(size);
+ if (!chunk_array)
return -ENOMEM;
chunks = (struct drm_amdgpu_cs_chunk *)(chunk_array + ibs_request->number_of_ibs + 1);
error_unlock:
pthread_mutex_unlock(&context->sequence_mutex);
- free(chunk_array);
return r;
}
projects / platform / upstream / libdrm.git / commitdiff