On Sun, Feb 25, 2018 at 01:39:55PM +0200, Leon Romanovsky wrote: > + /* check multiplication overflow */ > + if (ucmd.cqe_size && SIZE_MAX / (size_t)ucmd.cqe_size <= entries - 1) > + return -EINVAL; This division is done on size_t, pretty sure the cast isn't needed. > umem = ib_umem_get(context, ucmd.buf_addr, entries * ucmd.cqe_size, But the protected multiplication is done on (int) * (u16) So this isn't going to work properly. Make entries size_t. Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
