On Mon, 2016-01-18 at 14:55 -0500, Insu Yun wrote: > Since len is signed integer variable, it is better to check > whether len is non-negative or not. > If non-negative value len gives, it can cause heap overflow. Hey, this patch is full of a ton of undocumented (and mostly spurious) whitespace changes, which make it very hard to see the actual patch > Signed-off-by: Insu Yun <wuninsu@xxxxxxxxx> > --- > drivers/scsi/scsi_lib.c | 33 ++++++++++++++++++--------------- > 1 file changed, 18 insertions(+), 15 deletions(-) [...] Which is this, I think: > @@ -2349,6 +2349,9 @@ scsi_mode_select(struct scsi_device *sdev, int > pf, int sp, int modepage, > unsigned char *real_buffer; > int ret; > > + if (len < 0) > + return -EINVAL; > + > memset(cmd, 0, sizeof(cmd)); > cmd[1] = (pf ? 0x10 : 0) | (sp ? 0x01 : 0); What's the actual problem here? There's only one user of scsi_mode_select: an internal one which always sends in a positive length, so this check is entirely unnecessary. James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
