do_io_submit() iterated over the userspace iocb structure pointers using a variable i of type 'int'. This was wrong since 'nr', the number of iocb structure pointers, could potentially be up to LONG_MAX / sizeof(struct iocb *). Fix it (and also remove the unnecessary initialization to 0).
Signed-off-by: Eric Biggers <[email protected]> --- fs/aio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/aio.c b/fs/aio.c index 12a3de0e..4c96af7 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1441,7 +1441,7 @@ long do_io_submit(aio_context_t ctx_id, long nr, { struct kioctx *ctx; long ret = 0; - int i = 0; + long i; struct blk_plug plug; if (unlikely(nr < 0)) -- 1.9.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
