Arvin Moezzi wrote:
2007/9/19, James Pearson <[EMAIL PROTECTED]>:+ while (count > 0) { + int this_len, retval; + + this_len = mm->env_end - (mm->env_start + src); + + if (this_len <= 0) + break; + + if (this_len > max_len) + this_len = max_len; + + retval = access_process_vm(task, (mm->env_start + src), + page, this_len, 0); + + if (retval <= 0) { + ret = retval; + break; + } + + if (copy_to_user(buf, page, retval)) {^^^^ shouldn't you only copy min(count,retval) bytes? otherwise you could write beyond the users buffer "buf", right?
AFAIK, 'retval' can never be greater than 'this_len', which can never be greater than 'max_len', which can never be greater than 'count'
James Pearson - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
