On Mon, Oct 11, 2010 at 07:22:57PM +0200, Dan Carpenter wrote:
I did an audit for potential integer overflows of values which get passed
to access_ok() and here are the results.
Signed-off-by: Dan Carpenter erro...@gmail.com
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index
On Tue, Oct 12, 2010 at 02:25:48PM +0200, Michael S. Tsirkin wrote:
As far as I can see, maximum value for num is 64K - 1:
if (!s.num || s.num 0x || (s.num (s.num - 1))) {
r = -EINVAL;
break;
}
How
I did an audit for potential integer overflows of values which get passed
to access_ok() and here are the results.
Signed-off-by: Dan Carpenter erro...@gmail.com
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index dd3d6f7..c2aa12c 100644
--- a/drivers/vhost/vhost.c
+++
On Mon, Oct 11, 2010 at 07:22:57PM +0200, Dan Carpenter wrote:
I did an audit for potential integer overflows of values which get passed
to access_ok() and here are the results.
FWIW, UINT_MAX is wrong here. What you want is maximal size_t value.
Signed-off-by: Dan Carpenter