>From: ext Alan Cox [mailto:a...@lxorguk.ukuu.org.uk] >Sent: 08 November, 2010 13:39 > >On Mon, 8 Nov 2010 12:08:07 +0100 ><ilkka.koski...@nokia.com> wrote: > >> Hi, >> >> >From: ext Alan Cox [mailto:a...@lxorguk.ukuu.org.uk] >> >Sent: 08 November, 2010 01:52 >> > >> >> + datalen = p->custom_len * sizeof(p->custom_data[0]); >> > >> >signed >> > >> >> + if (datalen > MAX_EFFECT_SIZE) { >> > >> >unsigned >> >> It should be unsigned. I'll fix it. >> >> >> + memcpy(einfo->buf, p->custom_data, datalen); >> > >> >ungood >> >> Yep, that's clearly wrong too. Should be copy_from_user() I suppose. > >That I hadn't considered - and I'm not sure whether the caller is passed >a kernel copy or not. The problem I was looking at was just the signed >case > > datalen < 0 > if (datalen > MAX ..) > Nope > > memcpy(kernel, mysource, vastly more than intended (unsigned))
Ah, I got it now. Thanks for clarification :) Cheers, Ilkka ------------------------------------------------------------------------------ The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev _______________________________________________ spi-devel-general mailing list spi-devel-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/spi-devel-general