Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

2011-11-27 Thread Greg KH
On Sun, Nov 27, 2011 at 02:25:39PM +0300, Dan Carpenter wrote:
> On Sat, Nov 26, 2011 at 06:52:52PM -0800, Greg KH wrote:
> > On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> > > There is a potential integer overflow in do_insnlist_ioctl() if
> > > userspace passes in a large insnlist.n_i

Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

2011-11-27 Thread Dan Carpenter
On Sat, Nov 26, 2011 at 06:52:52PM -0800, Greg KH wrote:
> On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> > There is a potential integer overflow in do_insnlist_ioctl() if
> > userspace passes in a large insnlist.n_insns. The call to kmalloc()
> > would allocate a small buffer, leading

Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

2011-11-27 Thread Greg KH
On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> There is a potential integer overflow in do_insnlist_ioctl() if
> userspace passes in a large insnlist.n_insns. The call to kmalloc()
> would allocate a small buffer, leading to a memory corruption.
>
> The bug was reported by Dan Carpent

[PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

2011-11-25 Thread Xi Wang
There is a potential integer overflow in do_insnlist_ioctl() if userspace passes in a large insnlist.n_insns. The call to kmalloc() would allocate a small buffer, leading to a memory corruption. The bug was reported by Dan Carpenter and Haogang Chen. The patch was suggested by Ian Abbott and