Re: [PATCH] media: rc: ir-lirc-codec: fix potential integeroverflow

From: Dan Carpenter
Date: Wed Dec 01 2010 - 23:51:50 EST

Next message: Joe Perches: "[PATCH 2/2] ath: Fix logging message typos"
Previous message: Tomoya MORINAGA: "Re: [PATCH net-next-2.6 v6 06/20] can: EG20T PCH: Fix endianness issue"
Next in thread: Jarod Wilson: "Re: [PATCH] media: rc: ir-lirc-codec: fix potential integer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 26, 2010 at 08:06:35PM +0300, Vasiliy Kulikov wrote:
> count = n / sizeof(int);
> - if (count > LIRCBUF_SIZE || count % 2 == 0)
> + if (count > LIRCBUF_SIZE || count % 2 == 0 || n % sizeof(int) != 0)
^^^^^^^^^^^^^^^^^^^^

Wait, what? We just checked this a couple lines before.

The rest of the patch is right and a clever catch. It would affect
x86_64 systems and not i386. This doesn't have security implications
does it? You'd just catch the kmalloc() stack trace for insanely large
allocations.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe Perches: "[PATCH 2/2] ath: Fix logging message typos"
Previous message: Tomoya MORINAGA: "Re: [PATCH net-next-2.6 v6 06/20] can: EG20T PCH: Fix endianness issue"
Next in thread: Jarod Wilson: "Re: [PATCH] media: rc: ir-lirc-codec: fix potential integer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]