Re: [PATCH] usb: fix potential integer overflow in usb_sg_init

From: Alan Stern
Date: Mon Jan 18 2016 - 13:32:31 EST


On Mon, 18 Jan 2016, Insu Yun wrote:

> If nents value is sufficiently large, e.g. 0x40000000,
> then it can overflow size in kmalloc and heap overflow happens.
> Therefore nents value needs to be checked to prevent overflow.

I don't see why. You seem to be assuming that failure with -EINVAL is
better than failure with a heap overflow. I disagree; a heap overflow
provides more debugging information to help locate the reason for the
underlying problem.

Alan Stern
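
The size arithmetic described in the quoted patch text, as an added example that is not part of the original thread or the kernel source. It assumes a 32-bit size type (modelled as `uint32_t`) and a 4-byte array element; `size32_t`, `ELEM_SIZE` and the function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit kernel, so the allocation size is a 32-bit value
 * and each array element (one pointer) occupies 4 bytes. */
typedef uint32_t size32_t;
#define ELEM_SIZE 4u

/* Unchecked: the byte count a bare "nents * element size" produces.
 * Unsigned arithmetic wraps modulo 2^32 instead of failing. */
static size32_t alloc_size_unchecked(uint32_t nents)
{
    return (size32_t)(nents * ELEM_SIZE);
}

/* True byte count the caller will later write, computed in 64 bits. */
static uint64_t bytes_needed(uint32_t nents)
{
    return (uint64_t)nents * ELEM_SIZE;
}

/* Checked: refuse any count whose byte size is not representable,
 * returning -EINVAL as the quoted patch proposes. */
static int alloc_size_checked(int nents, size32_t *out)
{
    if (nents <= 0 || (uint32_t)nents > UINT32_MAX / ELEM_SIZE)
        return -EINVAL;
    *out = (size32_t)nents * ELEM_SIZE;
    return 0;
}

int main(void)
{
    uint32_t nents = 0x40000000u;   /* value quoted in the patch text */
    size32_t sz = 0;

    printf("unchecked size: %u bytes\n", (unsigned)alloc_size_unchecked(nents));
    printf("bytes needed:   %llu\n", (unsigned long long)bytes_needed(nents));
    printf("checked result: %d\n", alloc_size_checked((int)nents, &sz));
    return 0;
}
```

With the quoted value the unchecked size wraps to 0 while the array logically spans 4 GiB, which is the mismatch the patch text refers to.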