Since cmdbuf->size and cmdbuf->nbox are from userspace, a large value
would overflow the allocation size, leading to out-of-bounds access.
Signed-off-by: NXi Wang <xi.wang@gmail.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>