From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/qxl: validate dst_offset in apply_reloc against BO size Date: Sat, 16 May 2026 10:59:08 +1000 Message-ID: In-Reply-To: <1778753260.e30adb21c660@berkoc.com> References: <1778753260.e30adb21c660@berkoc.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: drm/qxl: validate dst_offset in apply_reloc against BO size Author: Berkant Koc Patches: 1 Reviewed: 2026-05-16T10:59:08.741312 --- This is a single-patch security fix for a real out-of-bounds write vulnerab= ility (CWE-787) in the QXL DRM driver that has existed since the driver was= merged in v3.10 (2013). The commit message is thorough and well-written, c= learly explaining the attack surface and scope. The fix itself is correct = =E2=80=94 it adds the missing bounds check that an existing aspirational co= mment explicitly called for but was never implemented. The fix is the right approach (validate at the reloc processing site before= the write), and the logic is sound. There are a few issues that should be = addressed before merging, ranging from missing kernel metadata tags to a pr= e-existing cross-page write bug that should at minimum be noted. **Verdict: Needs minor revision** =E2=80=94 the core fix is correct but it = needs a `Fixes:` tag, a `Cc: stable` tag, and ideally should also address t= he page-boundary crossing issue it partially inherits. --- --- Generated by Claude Code Patch Reviewer