On Sun, Sep 09, 2012 at 04:16:58PM +0200, Sasha Levin wrote: > device_write only checks whether the request size is big enough, but it > doesn't > check if the size is too big. > > At that point, it also tries to allocate as much memory as the user has > requested > even if it's too much. This can lead to OOM killer kicking in, or memory > corruption > if (count + 1) overflows.
thanks, pushed to next -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
