On Sun, Nov 27, 2011 at 02:25:39PM +0300, Dan Carpenter wrote: > On Sat, Nov 26, 2011 at 06:52:52PM -0800, Greg KH wrote: > > On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote: > > > There is a potential integer overflow in do_insnlist_ioctl() if > > > userspace passes in a large insnlist.n_insns. The call to kmalloc() > > > would allocate a small buffer, leading to a memory corruption. > > > > > > The bug was reported by Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > > and Haogang Chen <haogangchen@xxxxxxxxx>. The patch was suggested by > > > Ian Abbott <abbotti@xxxxxxxxx> and Lars-Peter Clausen <lars@xxxxxxxxxx>. > > > > > > Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx> > > > > Hm, I already applied Dan's previous patch, what should I do with this > > one now? Revert Dan's and apply this one, or apply both of them, or > > something else? > > Sorry for that, I should have replied to my patch when I learned that > it had a problem. > > Please, revert mine and apply Xi Wang's. Ok, now done. greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
