On Sat, Nov 13, 2010 at 01:06:38PM +0300, Dan Carpenter wrote:
> checkpatch.pl and Andrew Morton both complained about the indenting in
> fb_alloc_cmap()

On Tue, Nov 16, 2010 at 12:11:02PM +0300, Dan Carpenter wrote:
> There is an integer overflow in fb_set_user_cmap() because cmap->len * 2
> can wrap. It's basically harmless. Your terminal will be messed up
> until you type reset.
>
> This patch does three things to fix the bug.
>
> First, it checks the return value of fb_copy_cmap() in fb_alloc_cmap().
> That is enough to address the overflow.
>
> Second it checks for the integer overflow in fb_set_user_cmap().
>
> Lastly I wanted to cap "cmap->len" in fb_set_user_cmap() much lower
> because it gets used to determine the size of allocation. Unfortunately
> no one knows what the limit should be. Instead what this patch does
> is makes the allocation happen with GFP_KERNEL instead of GFP_ATOMIC
> and lets the kmalloc() decide what values of cmap->len are reasonable.
> To do this, the patch introduces a function called fb_alloc_cmap_gfp()
> which is like fb_alloc_cmap() except that it takes a GFP flag.

Both applied, thanks.
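
A user-space model of the size calculation described in the quoted patch description, added here as an example and not taken from the kernel patch. struct cmap_model and every function name are hypothetical, and the 32-bit arithmetic is an assumption about how the size is computed; malloc() stands in for kmalloc().

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model: four 16-bit channel arrays of len entries each. */
struct cmap_model {
    uint32_t len;
    uint16_t *red, *green, *blue, *transp;
};

/* Unchecked 32-bit size (assumed arithmetic): wraps once len >= 0x80000000. */
uint32_t channel_bytes_unchecked(uint32_t len)
{
    return len * 2u;
}

/* Checked size: 0 and *out set on success, -EINVAL if len * 2 would wrap. */
int channel_bytes_checked(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX / 2u)
        return -EINVAL;
    *out = len * 2u;
    return 0;
}

void cmap_model_free(struct cmap_model *c)
{
    free(c->red); free(c->green); free(c->blue); free(c->transp);
    *c = (struct cmap_model){0};
}

/* Reject wrapped sizes, then let the allocator decide; report both failures. */
int cmap_model_alloc(struct cmap_model *c, uint32_t len)
{
    uint32_t bytes = 0;
    int ret = channel_bytes_checked(len, &bytes);

    *c = (struct cmap_model){0};
    if (ret || bytes == 0)
        return ret;                 /* overflow, or an empty map */
    c->red = malloc(bytes);   c->green = malloc(bytes);
    c->blue = malloc(bytes);  c->transp = malloc(bytes);
    if (!c->red || !c->green || !c->blue || !c->transp) {
        cmap_model_free(c);
        return -ENOMEM;             /* caller must check this result */
    }
    c->len = len;
    return 0;
}
```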