from:"Chen.Yu"

[PATCH] scsi: integer overflow in megadev_ioctl()

2013-12-13 Thread Chen.Yu

From: "Chen.Yu" There is a potential integer overflow in megadev_ioctl() if userspace passes in a large u32 variable uioc.adapno. The int variable adapno would < 0, leading to an error array access for hdb_soft_state[adapno], or an error copy_to_user(uioc.uioc_uaddr, mcontroller+ad

[PATCH] scsi: integer overflow in megadev_ioctl()

2013-12-13 Thread Chen.Yu

From: "Chen.Yu" There is a potential integer overflow in megadev_ioctl() if userspace passes in a large u32 variable uioc.adapno. The int variable adapno would < 0, leading to an error array access for hdb_soft_state[adapno], or an error copy_to_user(uioc.uioc_uaddr, mcont