From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/radeon: fix integer overflow in radeon_align_pitch()
Date: Sun, 12 Apr 2026 14:15:40 +1000
Message-ID: <review-patch2-20260406225008.2787532-3-werner@verivus.com>
In-Reply-To: <20260406225008.2787532-3-werner@verivus.com>
References: <20260406225008.2787532-1-werner@verivus.com> <20260406225008.2787532-3-werner@verivus.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Patch Review

**Same fix, same analysis.** The radeon variant is structurally identical:

```c
/* Guard against integer overflow in aligned * cpp. */
if (aligned > INT_MAX / (cpp ? cpp : 1) || aligned <= 0)
    return 0;
```

And the caller checks:
```c
if (!args->pitch)
    return -EINVAL;
...
if (!args->size)
    return -EINVAL;
```

The only functional difference is that `radeon_align_pitch()` has slightly different alignment masks (e.g., `pitch_mask = align_large ? 255 : 127` for cpp=1) which doesn't change the overflow risk.

**Fixes tag:** Points to `ff72145badb8 ("drm: dumb scanout create/mmap for intel/radeon (v3)")` which originally introduced `radeon_mode_dumb_create()`. This is correct -- the vulnerability has existed since the function was first written.

**Same redundancy note** about `!args->size` applies here as well.

**Verdict: Looks correct. Same quality as patch 1.**

---
Generated by Claude Code Patch Reviewer