Reported by Dan Carpenter
outsize = sizeof(*gfout) + gfin->gf_pathlen;
Where outsize is int and gf_pathlen is u32 from userspace
can lead to integer overflowwhere outsize is some small number
less than sizeof(*gfout)
Add a check for pathlen to be of sensical size.
Signed-off-by: Oleg Drokin
R
Hi Oleg,
The patch d7e09d0397e8: "staging: add Lustre file system client
support" from May 2, 2013, leads to the following static checker
warning:
drivers/staging/lustre/lustre/llite/file.c:1730 ll_fid2path()
error: memcpy() 'gfout' too small
drivers/staging/lustre/lustre/llite/f
