Thanks for the pointer. However you cannot do the overflow check using if (sizeof(struct comedi_insn) * insnlist.n_insns < insnlist.n_insns) Let's assume 32-bit system, sizeof(struct comedi_insn) = 32, and insnlist.n_insns = 0x7fffffff. Note that 32 * 0x7fffffff = 0xffffffe0 overflows but bypasses your check. - xi On Wed, Nov 23, 2011 at 1:13 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > I sent a patch for this already. > > http://driverdev.linuxdriverproject.org/pipermail/devel/2011-November/022469.html > > regards, > dan carpenter > > > _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
