MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-04-26 10:30:09 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
git.kernel.org/linux-stable/linux-3.12.y
linux-imx/drivers/message
History
Dan Carpenter 1f71f19f19 mptfusion: prevent some memory corruption 
commit e819cdb198 upstream.

These are signed values the come from the user, we put a cap on the
upper bounds but not on the lower bounds.

We use "karg.dataSgeOffset" to calculate "sz".  We verify "sz" and
proceed as if that means that "karg.dataSgeOffset" is correct but this
fails to consider that the "sz" calculations can have integer overflows.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2015-11-12 14:09:09 +01:00
..
fusion mptfusion: prevent some memory corruption 2015-11-12 14:09:09 +01:00
i2o drivers: avoid format strings in names passed to alloc_workqueue() 2013-07-03 16:07:41 -07:00
Makefile