The check for writing more than cb_max_size bytes does not 'goto out' so
it is a no-op which allows users to vmalloc an arbitrary amount.
Fixes: 03607ace807b ("configfs: implement binary attributes")
Signed-off-by: Phil Turnbull
---
fs/configfs/file.c | 1 +
1 file changed,
ceph_llseek does not correctly return NXIO errors because the 'out' path
always returns 'offset'.
Fixes: 06222e491e66 ("fs: handle SEEK_HOLE/SEEK_DATA properly in all fs's that
define their own llseek")
Signed-off-by: Phil Turnbull
---
fs/ceph/file.c |
The 'break' statement after calling ad5933_cmd only breaks out of the
'for' loop, which then unconditionally sets the return value to -EINVAL.
Move the initialisation of 'ret' so we return the correct value.
Signed-off-by: Phil Turnbull
---
drivers/staging/iio/i
From: Phil Turnbull
If nlh->nlmsg_len is zero then an infinite loop is triggered because
'skb_pull(skb, msglen);' pulls zero bytes.
The calculation in nlmsg_len() underflows if 'nlh->nlmsg_len <
NLMSG_HDRLEN' which bypasses the length validation and will later
trig
4 matches
Mail list logo