On Sat, Sep 10, 2011 at 10:23:35PM -0400, Kevin McKinney wrote: > >From f228745a844cf56f8d12f06be31a687acd91f653 Mon Sep 17 00:00:00 2001 > From: Kevin McKinney <klmckinney1@xxxxxxxxx> > Date: Sat, 3 Sep 2011 15:15:20 -0400 > Subject: [PATCH 2/2] Staging: bcm: Add size maximum size restrictions for IOCTL_IDLE_REQ > > The maximum size is from the maximum size of the control packet > in ->Adapter->txctlpacket[] which is allocated in InitAdapter(). > If we don't cap the max we could get a stack trace from kmalloc() > but it's not harmful. > The patch description is not totally accurate. The first chunk caps the size of the kmalloc() which is nice, but not a memory corruption bug. The second chunk actually corrects a potential memory corruption bug which obviously is harmful. regards, dan carpenter _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
