O> + /* make sure the offsets array isn't truncated */
> + if (table->num * sizeof(table->offset[0]) +
> + sizeof(struct resource_table) > entry->size) {
> + sproc_err(sproc, "resource table incomplete\n");
> + return NULL;
None of these checks appear to be robust against maths overflow. So the
question I'd ask is how far do you trust your inputs ?
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
