From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: accel/ethosu: fix integer overflow and underflow in dma_length()
Date: Mon, 25 May 2026 17:08:44 +1000
Message-ID:
In-Reply-To: <20260524060644.106635-1-meatuni001@gmail.com>
References: <20260524051659.70654-1-meatuni001@gmail.com> <20260524060644.106635-1-meatuni001@gmail.com>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

Patch Review

This is v2 and is **superseded by v3**. It fixes the multiplication overflow, adds negative stride underflow checks, and adds the caller check.

**Improvements over v1:**
- Adds underflow guard: `if (dma->stride[0] < 0 && (u64)(-dma->stride[0]) > len) return U64_MAX;`
- Adds caller validation: `if (srclen == U64_MAX || dstlen == U64_MAX) return -EINVAL;`

**Remaining issue:**
- Still missing `check_add_overflow` for the `len + dma->offset` computation in the `region_size` update. A crafted `offset` could wrap `len + dma->offset` to a small value, causing `region_size[]` to underreport the region usage.

**Minor nit:** The commit message lists "Two bugs exist:" but then enumerates items 1, 2, and 3. Should say "three issues" or similar.

---
Generated by Claude Code Patch Reviewer
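
The remaining issue above, modeled in user-space C as an added example (not code from the patch, the review, or the ethosu driver). It assumes `region_size` is kept as a running maximum of `len + dma->offset`, uses a hypothetical `struct dma_model` with constructed values, and calls `__builtin_add_overflow`, the compiler builtin that the kernel's `check_add_overflow()` wraps.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the DMA descriptor: only the field the review names. */
struct dma_model {
    uint64_t offset;
};

/* Unchecked update (assumed shape): a wrapped sum compares as small,
 * so region_size ends up lower than the range the transfer really spans. */
static void update_unchecked(uint64_t *region_size,
                             const struct dma_model *dma, uint64_t len)
{
    uint64_t end = len + dma->offset;   /* wraps modulo 2^64 */

    if (end > *region_size)
        *region_size = end;
}

/* Checked update: refuse the command when the sum does not fit in 64 bits,
 * leaving region_size untouched. */
static int update_checked(uint64_t *region_size,
                          const struct dma_model *dma, uint64_t len)
{
    uint64_t end;

    if (__builtin_add_overflow(len, dma->offset, &end))
        return -EINVAL;
    if (end > *region_size)
        *region_size = end;
    return 0;
}

int main(void)
{
    /* Constructed values: offset sits 0x100 below 2^64, len is 0x1000. */
    struct dma_model dma = { .offset = UINT64_MAX - 0xFF };
    uint64_t unchecked = 0, checked = 0;

    update_unchecked(&unchecked, &dma, 0x1000);
    int ret = update_checked(&checked, &dma, 0x1000);

    printf("unchecked region_size = 0x%" PRIx64 "\n", unchecked);
    printf("checked: ret = %d, region_size = 0x%" PRIx64 "\n", ret, checked);
    return 0;
}
```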