From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: accel/rocket: fix NULL dereference and integer overflow in rocket_job_push() Date: Mon, 25 May 2026 17:04:16 +1000 Message-ID: In-Reply-To: <20260524155716.90955-1-meatuni001@gmail.com> References: <20260524155716.90955-1-meatuni001@gmail.com> <20260524155716.90955-1-meatuni001@gmail.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Patch Review **Overflow check =E2=80=94 correct:** ```c + if (check_add_overflow(job->in_bo_count, job->out_bo_count, &bo_count)) + return -EINVAL; ``` All three operands are `u32`, so `check_add_overflow()` will correctly dete= ct wrap. Returning `-EINVAL` is appropriate for invalid userspace input. **NULL check =E2=80=94 correct:** ```c + bos =3D kvmalloc_array(bo_count, sizeof(*bos), GFP_KERNEL); + if (!bos) + return -ENOMEM; ``` This is the standard pattern. Also note the `sizeof(void *)` =E2=86=92 `siz= eof(*bos)` change is a good improvement (type-safe, follows kernel style). **Sum replacement in callers =E2=80=94 correct:** The raw `job->in_bo_count + job->out_bo_count` expressions in `drm_gem_lock= _reservations()` and `drm_gem_unlock_reservations()` are replaced with the = pre-validated `bo_count`. This is both safer and cleaner. **Minor nit (non-blocking):** The `memcpy` calls on lines 201=E2=80=93202 s= till use `sizeof(void *)` instead of `sizeof(*bos)`: ```c memcpy(bos, job->in_bos, job->in_bo_count * sizeof(void *)); memcpy(&bos[job->in_bo_count], job->out_bos, job->out_bo_count * sizeof(vo= id *)); ``` Since the allocation was changed to `sizeof(*bos)`, it would be more consis= tent to use `sizeof(*bos)` in the `memcpy` sizes too. Both are equivalent (= `bos` is `struct drm_gem_object **`, so `*bos` is a pointer, same size as `= void *`), so this is purely cosmetic and not a correctness issue. **Overall:** Clean, correct fix for two real bugs. Reviewed-by worthy. --- Generated by Claude Code Patch Reviewer