On Sun, Dec 05, 2010 at 12:05:22AM +0300, Vasiliy Kulikov wrote: > 'n' may be bigger than MAX_INT*sizeof(int), if so checking of truncated > (int)(n/sizeof(int)) for LIRCBUF_SIZE overflows and then using nontruncated 'count' > doesn't make sense. This is not a security issue as too big 'n' is catched in > kmalloc() in memdup_user() call. However, it's better to prevent WARN() in kmalloc(). > > Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx> Now that I have my head out of my arse wrt the actual issue here, the redundancy issue from v1 is resolved, and I've managed a full night's sleep... ;) Acked-by: Jarod Wilson <jarod@xxxxxxxxxx> -- Jarod Wilson jarod@xxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html