On Tue, Sep 18, 2012 at 8:48 PM, Alan Cox <a...@lxorguk.ukuu.org.uk> wrote:
> > + /* make sure the offsets array isn't truncated */
>> + if (table->num * sizeof(table->offset[0]) +
>> + sizeof(struct resource_table) > entry->size) {
>> + sproc_err(sproc, "resource table incomplete\n");
>> + return NULL;
>
> None of these checks appear to be robust against maths overflow. So the
> question I'd ask is how far do you trust your inputs ?
The input is coming from user space via firmware loading framework,
so I guess it shouldn't be trusted at all. I'll try to improve these
sanity checks
in my next respin.
Thanks,
Sjur
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
