Re: [PATCH v2] staging: vc04_services: rework ioctl code path

On Thu, Nov 10, 2016 at 10:15:31PM -0800, Michael Zoran wrote:
> +static void *
> +vchiq_ioctl_kmalloc(struct vchiq_ioctl_call_context *ctxt, size_t size)
> +{
> +	void *mem;
> +
> +	if (!ctxt->stackmem_used && size < sizeof(ctxt->stackmem)) {
> +		ctxt->stackmem_used = true;
> +		return ctxt->stackmem;
> +	}
> +
> +	mem = kmalloc(size + sizeof(void *), GFP_KERNEL);

This is a potential integer overflow leading to corruption.  I don't
understand why we need this complicated memory management anyway...

> +	if (!mem)
> +		return NULL;
> +
> +	*(void **)mem = ctxt->prev_kmalloc;
> +	ctxt->prev_kmalloc = mem;
> +
> +	return mem + sizeof(void *);
> +}
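
Review bot: `return mem + sizeof(void *)` hands the caller a pointer offset by one pointer width from the kmalloc() result, so on a 32-bit build the buffer is only 4-byte aligned and anything placed in it that needs 8-byte alignment ends up misaligned. Putting the `prev_kmalloc` link in a small header struct whose payload is explicitly aligned, or tracking the allocations in a separate list, would preserve the alignment kmalloc() provides. The function also needs a comment stating that the returned pointer must never be passed to kfree(), since it is either `ctxt->stackmem` or an interior pointer into the chained allocation.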

regards,
dan carpenter