On Sun, Dec 05, 2010 at 12:05:22AM +0300, Vasiliy Kulikov wrote: > 'n' may be bigger than MAX_INT*sizeof(int), if so checking of truncated > (int)(n/sizeof(int)) for LIRCBUF_SIZE overflows and then using nontruncated > 'count' > doesn't make sense. This is not a security issue as too big 'n' is catched in > kmalloc() in memdup_user() call. However, it's better to prevent WARN() in > kmalloc(). > > Signed-off-by: Vasiliy Kulikov <seg...@openwall.com>
Now that I have my head out of my arse wrt the actual issue here, the redundancy issue from v1 is resolved, and I've managed a full night's sleep... ;) Acked-by: Jarod Wilson <ja...@redhat.com> -- Jarod Wilson ja...@redhat.com -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
