something odd in emu10k1/emufx

From: Al Viro
Date: Fri Jan 18 2008 - 21:16:40 EST

Next message: Andi Kleen: "Re: [patch 02/11] PAT x86: Map only usable memory in x86_64 identity map and kernel text"
Previous message: Glauber de Oliveira Costa: "[PATCH 6/6] export __supported_pte_mask"
Next in thread: Takashi Iwai: "Re: something odd in emu10k1/emufx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In copy_tlv() we have
tlv = kmalloc(data[1] * 4 + sizeof(data), GFP_KERNEL);
if (!tlv)
return NULL;
memcpy(tlv, data, sizeof(data));
if (copy_from_user(tlv + 2, _tlv + 2, data[1])) {
kfree(tlv);
return NULL;
}
which looks rather odd, since either we kmalloc too much or copy too little...
Comments?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [patch 02/11] PAT x86: Map only usable memory in x86_64 identity map and kernel text"
Previous message: Glauber de Oliveira Costa: "[PATCH 6/6] export __supported_pte_mask"
Next in thread: Takashi Iwai: "Re: something odd in emu10k1/emufx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]