On Thu, 2004-06-17 at 15:19, Dominic Hargreaves wrote:
> On Thu, Jun 17, 2004 at 12:03:45PM +0100, Dave Jones wrote:
> > There's a nasty memory leak fixed in FC1 which should have been
> > backported to RHL9, as it's user exploitable, and can be considered
> > a local DoS. This was CAN-2004-0427
>
> Cheers for the heads up. Plus there's this thing appeared on bugtraq
> about an i2c vulnerability. Ho hum.

That looks bogus. The size_t can't be negative. It's unsigned by its
nature, which means passing -1 (0xffffffff) will get trapped by the
if (count>4000) check before it gets as far as the kmalloc.

    Dave
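The signedness argument in the reply above, as an added userspace example (not code from the thread or from the kernel source): `handler_unsigned` and `signed_check_bypassed` are hypothetical names, `malloc` stands in for `kmalloc`, and only the 4000 bound is taken from the post. The signed variant is a constructed contrast case showing what the check would miss if the length were an `int`.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_COUNT 4000  /* bound quoted in the post: if (count>4000) */

/* Hypothetical stand-in for a handler whose length parameter is size_t.
 * Returns 0 if the request is accepted, -1 if it is rejected. */
int handler_unsigned(size_t count)
{
    if (count > MAX_COUNT)      /* unsigned compare: (size_t)-1 == SIZE_MAX */
        return -1;              /* rejected before any allocation happens */

    void *tmp = malloc(count ? count : 1);  /* malloc stands in for kmalloc */
    if (tmp == NULL)
        return -1;
    free(tmp);
    return 0;
}

/* Contrast case (an assumption, not the code under discussion): the same
 * bound check on a signed length. -1 > 4000 is false, so a negative value
 * passes the check and would reach the allocator converted to a huge size.
 * Returns 1 when a negative value slips past the check, 0 otherwise. */
int signed_check_bypassed(int count)
{
    if (count > MAX_COUNT)
        return 0;               /* rejected by the bound check */
    return count < 0;           /* accepted although negative */
}

int main(void)
{
    /* 0xffffffff where size_t is 32 bits, 0xffffffffffffffff where it is 64 */
    printf("(size_t)-1             = %#zx\n", (size_t)-1);
    printf("unsigned, count = -1   : %d\n", handler_unsigned((size_t)-1));
    printf("unsigned, count = 4000 : %d\n", handler_unsigned(4000));
    printf("unsigned, count = 4001 : %d\n", handler_unsigned(4001));
    printf("signed, -1 passes check: %d\n", signed_check_bypassed(-1));
    return 0;
}
```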