Since vwrite() already checks for overflow, vread(), as its paired function, also needs to do the same thing. Since vwrite() checks the source buffer address, vread() should check the destination buffer address.

Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>

--- mm/nommu.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/mm/nommu.c b/mm/nommu.c index 886e07c..0614ee1 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -282,6 +282,10 @@ EXPORT_SYMBOL(vmalloc_to_pfn); long vread(char *buf, char *addr, unsigned long count) { + /* Don't allow overflow */ + if ((unsigned long) buf + count < count) + count = -(unsigned long) buf; + memcpy(buf, addr, count); return count; } -- 1.7.7.6
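
Review bot: the added check in vread() covers only the destination, `(unsigned long) buf + count < count`, while the source range `addr + count` handed to the same memcpy() can wrap in the same way and is left unchecked. Consider applying the same clamp to `addr`, or state in the comment why the source side cannot wrap here. The clamp `count = -(unsigned long) buf;` also silently shortens the copy so that it ends at the top of the address space, and the function then returns the reduced count. The one-line comment "Don't allow overflow" should say that the read is truncated, so callers know to compare the return value against the length they requested.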