On Tue, Dec 06, 2016 at 02:10:13PM -0500, Oleg Drokin wrote: > > On Dec 6, 2016, at 1:37 PM, Dan Carpenter wrote: > > > On Tue, Dec 06, 2016 at 10:44:54AM -0500, Oleg Drokin wrote: > >> I see, indeed, it all makes sense now. > >> So basically if we unconditionally check for the size to be > 0, we should be > >> fine then, I imagine. > >> On the other hand there's probably no se for no param and nonzero param len, > >> so it's probably even better to enforce size as zero when no param. > > > > Checking for > 0 is not enough, because it could also have an integer > > overflow on 32 bit systems. We need to cap the upper bound as well. > > How would it play out, though? > offsetof(struct lstcon_test, tes_param[large_positive_int]) would result in > some real "large" negative number. > So trying to allocate this many negative bytes would fail, right? Not always. Please properly bound your allocations. thanks, greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
