On Sat, Nov 17, 2012 at 09:10:56PM +0300, Dan Carpenter wrote:
> On Sat, Nov 17, 2012 at 06:48:55PM +0100, walter harms wrote:
> >
> >
> > On 17.11.2012 16:06, Dan Carpenter wrote:
> > > If param->length is zero, then this could lead to a divide by zero bug
> > > later in the function when we do: size %= max;
> > >
> > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > >
> > > diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> > > index f10bd97..7667b12 100644
> > > --- a/drivers/usb/misc/usbtest.c
> > > +++ b/drivers/usb/misc/usbtest.c
> > > @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> > > unsigned i;
> > > unsigned size = max;
> > >
> > > + if (max == 0)
> > > + return NULL;
> > > +
> > >
> > maybe you should be more defensive and check for (max <= 0)
> >
>
> Nah... Testing for == 0 is ok.

The parameter comes from user. -1 is hardly possible because the parameter
is defined as unsigned and only alloc_sglist() parameters are signed.
Could you please convert the int to unsigned so it matches the original
source of the parameter?

Passing -1 from user space leads to
|WARNING: at /home/bigeasy/work/new/TI/linux/mm/page_alloc.c:2403
|__alloc_pages_nodemask+0x24d/0x6d0()

aka ENOMEM so it is not that big of a deal. 0 on the other hand is more
critical.

> regards,
> dan carpenter

Sebastian
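Review bot: the new `if (max == 0)` test in alloc_sglist() covers only the divide by zero at `size %= max`, while `max` is still declared `int` in the signature shown in the hunk header and is copied into `unsigned size` on the context line just above the check. A negative `max` passes this test and becomes a very large `size`. Declaring the parameter as `unsigned` to match where the value comes from, or rejecting `max <= 0`, would make the accepted range explicit. The commit message names `param->length` as the source of the zero, but the check is on `max`; a one-line comment at the check, or validating the length where it is first read from the user, would make that connection visible to the next reader. Since the function now returns NULL for a bad length as well as for an allocation failure, it is worth confirming that callers do not report this case as out-of-memory.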