Re: [PATCH 1/2 v4] vduse: fix memory corruption in vduse_dev_ioctl()

2021-12-08 Thread Jason Wang
On Wed, Dec 8, 2021 at 6:33 PM Dan Carpenter wrote:
>
> The "config.offset" comes from the user. There needs to be a check to
> prevent it being out of bounds. The "config.offset" and
> "dev->config_size" variables are both type u32. So if the offset is
> out of bounds then the "dev->config_size -

[PATCH 1/2 v4] vduse: fix memory corruption in vduse_dev_ioctl()

2021-12-08 Thread Dan Carpenter
The "config.offset" comes from the user. There needs to be a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset is out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value.
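The unsigned wrap-around that the patch description refers to, shown as an added example in plain C; this is not the vduse driver's code or the patch itself. The struct name, the field `length`, the `config_size` value and the two check functions are constructed for illustration, and `uint32_t` stands in for the kernel's `u32`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a user-supplied config request; the field
 * names are assumptions for this example, not the driver's own. */
struct config_req_example {
    uint32_t offset; /* comes from userspace */
    uint32_t length; /* comes from userspace */
};

/* The pattern the patch description warns about: a length check that
 * relies on "config_size - offset" without first validating offset.
 * When offset > config_size the u32 subtraction wraps to a huge value
 * and the comparison accepts almost any length. */
bool length_check_wrapping(const struct config_req_example *req,
                           uint32_t config_size)
{
    return req->length <= config_size - req->offset;
}

/* Hardened form: bound the offset first, then compare the length against
 * the space that remains. Neither comparison can wrap. */
bool length_check_bounded(const struct config_req_example *req,
                          uint32_t config_size)
{
    if (req->offset > config_size)
        return false;
    if (req->length > config_size - req->offset)
        return false;
    return true;
}

/* Number of bytes the two checks would let through for one request;
 * returns 1 for "accepted", 0 for "rejected" so the results can be compared. */
int compare_checks(uint32_t offset, uint32_t length, uint32_t config_size,
                   int *wrapping_accepts, int *bounded_accepts)
{
    struct config_req_example req = { .offset = offset, .length = length };

    *wrapping_accepts = length_check_wrapping(&req, config_size);
    *bounded_accepts = length_check_bounded(&req, config_size);
    return *wrapping_accepts != *bounded_accepts;
}

int main(void)
{
    /* Constructed sample: a 256-byte config space and an offset past it. */
    const uint32_t config_size = 256;
    int wrapping, bounded;

    compare_checks(512, 16, config_size, &wrapping, &bounded);
    printf("offset=512 length=16: wrapping check accepts=%d, bounded check accepts=%d\n",
           wrapping, bounded);

    compare_checks(240, 16, config_size, &wrapping, &bounded);
    printf("offset=240 length=16: wrapping check accepts=%d, bounded check accepts=%d\n",
           wrapping, bounded);
    return 0;
}
```

The first request in `main` is accepted by the wrapping check only because `256 - 512` wraps to a value near 2^32; the bounded check rejects it at the offset comparison, which is the check the patch subject says is missing.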