On Sun, Dec 05, 2010 at 12:05:22AM +0300, Vasiliy Kulikov wrote:
> 'n' may be bigger than MAX_INT*sizeof(int), if so, checking of truncated
> (int)(n/sizeof(int)) for LIRCBUF_SIZE overflows and then using nontruncated
> 'count' doesn't make sense. This is not a security issue as too big 'n' is c
'n' may be bigger than MAX_INT*sizeof(int), if so, checking of truncated
(int)(n/sizeof(int)) for LIRCBUF_SIZE overflows and then using nontruncated
'count' doesn't make sense. This is not a security issue as too big 'n' is caught in
kmalloc() in memdup_user() call. However, it's better to preve
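
The truncation described in the commit message above, as an added userspace example that is not part of the original patch or mail. The value of LIRCBUF_SIZE, the function names and the "full width" variant are assumptions for illustration, and the sample lengths are constructed; it assumes a 64-bit size_t.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed value for illustration; the page does not state LIRCBUF_SIZE. */
#define LIRCBUF_SIZE 256

_Static_assert(sizeof(size_t) >= 8, "example assumes a 64-bit size_t");

/* The check as the message describes it: the element count is
 * truncated to int before it is compared with LIRCBUF_SIZE. */
static int accepts_truncated(size_t n)
{
    int count = (int)(n / sizeof(int)); /* upper bits of the quotient are lost */
    return count <= LIRCBUF_SIZE;
}

/* Hypothetical variant (not the patch's own code): keep the count at
 * full width so the comparison sees the real number of elements. */
static int accepts_full_width(size_t n)
{
    size_t count = n / sizeof(int);
    return count <= LIRCBUF_SIZE;
}

/* Constructed length: 2^32 + 3 ints, which truncates to a count of 3. */
static size_t oversized_len(void)
{
    return (((size_t)1 << 32) + 3) * sizeof(int);
}

int main(void)
{
    size_t samples[] = { 3 * sizeof(int), 257 * sizeof(int), oversized_len() };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("n=%zu truncated_check=%d full_width_check=%d\n",
               samples[i],
               accepts_truncated(samples[i]),
               accepts_full_width(samples[i]));
    return 0;
}
```

For the oversized length the truncated check passes while the full-width check rejects it, which is the mismatch the message points at: the size check sees a small count, and the later copy uses the untruncated 'n'.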