On Dec 6, 2016, at 1:37 PM, Dan Carpenter wrote:

> On Tue, Dec 06, 2016 at 10:44:54AM -0500, Oleg Drokin wrote:
>> I see, indeed, it all makes sense now.
>> So basically if we unconditionally check for the size to be > 0, we should be
>> fine then, I imagine.
>> On the other hand there's probably no use for no param and nonzero param len,
>> so it's probably even better to enforce size as zero when no param.
>
> Checking for > 0 is not enough, because it could also have an integer
> overflow on 32 bit systems. We need to cap the upper bound as well.

How would it play out, though?
offsetof(struct lstcon_test, tes_param[large_positive_int]) would result in some
real "large" negative number. So trying to allocate this many negative bytes would fail, right?

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
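
The size arithmetic discussed in this thread, as an added example that is not part of the original messages or of the driver's code. `struct demo_test`, `DEMO_PARAM_MAX` and both functions are hypothetical, the parameter array is assumed to have 1-byte elements, and a 32-bit `size_t` is simulated with `uint32_t`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header + variable-length parameter area. This is NOT the
 * real struct lstcon_test layout; 1-byte array elements are assumed. */
struct demo_test {
	int  id;
	int  param_len;
	char param[];
};

/* Constructed upper bound; the thread does not name a value. */
#define DEMO_PARAM_MAX 4096

/* offsetof(struct demo_test, param[len]) as a 32-bit size_t would hold it:
 * the sum is computed modulo 2^32, so nothing here is undefined. */
static uint32_t size32_unchecked(int len)
{
	uint64_t sum = (uint64_t)offsetof(struct demo_test, param)
		     + (uint64_t)(int64_t)len;
	return (uint32_t)sum;
}

/* Validate both bounds before computing the size.
 * Returns 0 and stores the size in *out, or -1 if len is out of range. */
static int size_checked(int len, size_t *out)
{
	if (len < 0 || len > DEMO_PARAM_MAX)
		return -1;
	*out = offsetof(struct demo_test, param) + (size_t)len;
	return 0;
}

int main(void)
{
	int samples[] = { -1, 0, 16, DEMO_PARAM_MAX + 1, INT_MAX };
	size_t i, sz;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int ok = size_checked(samples[i], &sz) == 0;
		printf("len=%11d  unchecked32=0x%08x  checked=%s\n", samples[i],
		       (unsigned)size32_unchecked(samples[i]), ok ? "ok" : "rejected");
	}
	return 0;
}
```

In the unchecked column, a length of -1 gives a size one byte smaller than the header, and `INT_MAX` gives a value above 2 GiB that reads as negative if stored in a signed 32-bit integer.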