Hi,
On Tue, Nov 29, 2011 at 09:53:46PM -0500, Xi Wang wrote:
> diff --git a/drivers/staging/vt6656/ioctl.c b/drivers/staging/vt6656/ioctl.c
> index 4939002..1463d76 100644
> --- a/drivers/staging/vt6656/ioctl.c
> +++ b/drivers/staging/vt6656/ioctl.c
> @@ -557,6 +561,10 @@ int private_ioctl(PSDevice pDevice, struct ifreq *rq)
> result = -EFAULT;
> break;
> }
> + if (sNodeList.uItem > (ULONG_MAX - sizeof(SNodeList)) / sizeof(SNodeItem)) {
> + result = -ENOMEM;
Did you mean to use EINVAL here? That's what you used for vt6655.
> + break;
> + }
> pNodeList = (PSNodeList)kmalloc(sizeof(SNodeList) + (sNodeList.uItem * sizeof(SNodeItem)), (int)GFP_ATOMIC);
> if (pNodeList == NULL) {
> result = -ENOMEM;
Thanks,
Forest
--
Forest Bond
http://www.alittletooquiet.net
http://www.rapidrollout.com
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
