| To: | Andi Kleen <ak@xxxxxxx> |
|---|---|
| Subject: | Re: some bluetooth fixes |
| From: | Marcel Holtmann <marcel@xxxxxxxxxxxx> |
| Date: | Wed, 11 Feb 2004 21:47:01 +0100 |
| Cc: | BlueZ Mailing List <bluez-devel@xxxxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, viro@xxxxxxxxxxxxxxxxxx |
| In-reply-to: | <20040215002513.7c6fc532.ak@xxxxxxx> |
| References: | <20040206050042.20a2b3b0.ak@xxxxxxx> <1076079512.2806.40.camel@pegasus> <20040207032428.56ffbebc.ak@xxxxxxx> <1076152411.14418.73.camel@pegasus> <20040207125723.391a1fcd.ak@xxxxxxx> <1076173068.2670.4.camel@pegasus> <20040207172436.GB449@xxxxxxxxxxxxx> <1076525743.2792.1.camel@pegasus> <20040215002513.7c6fc532.ak@xxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Hi Andi, > + if (req.conn_num * sizeof(*ci) > PAGE_SIZE * 2) > + return -EINVAL; > > This can still overflow. It should be > > if (req.conn_num > (PAGE_SIZE * 2)/sizeof(*ci)) > return -EINVAL thanks for reviewing the patch again. The fixed version is only attached for control. It goes out to Dave in the next minutes. Regards Marcel
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] IPV6: spelling correction, David S. Miller |
|---|---|
| Next by Date: | Re: Source Specific Query of MLDv2 [PATCH], David Stevens |
| Previous by Thread: | Re: some bluetooth fixes, Andi Kleen |
| Next by Thread: | Re: some bluetooth fixes, Marcel Holtmann |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
