From: J Freyensee <james_p_freyensee@xxxxxxxxxxxxxxx>
Currently, kmalloc_index() can return -1, which can be
passed right to the kmalloc_caches[] array, cause a
buffer overflow, and security bug issue (not sure how
likely this can happen, but this case does exist in the code).
This adds a check for -1 and completely prevents this from happening.
Signed-off-by: J Freyensee <james_p_freyensee@xxxxxxxxxxxxxxx>
---
include/linux/slub_def.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
index 45ca123..558fa99 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -211,7 +211,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
{
int index = kmalloc_index(size);
- if (index == 0)
+ if ((index == 0) || (index == -1))
return NULL;
return kmalloc_caches[index];
--
1.7.2.3
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxxx For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>