On Wed, Mar 04, 2009 at 12:07:49AM +0100, Roel Kluin wrote:
> Greg KH wrote:
> > On Tue, Mar 03, 2009 at 10:48:43PM +0100, Roel Kluin wrote:
> >> vi include/linux/usb.h +1373
> >> struct urb {
> >> ...
> >> int transfer_buffer_length;
> >> ...
> >> }
> >> So I think something like this is needed?
> >
> > Have you ever seen a transfer_buffer_length set to anywhere close to the
> > MAX_INT value to trigger this? Or a negative value?
>
> I observed this by code inspection.
>
> > How about just changing transfer_buffer_length to a u32, that should
> > solve it, right?
>
> That seems a sensible solution, but transfer_buffer_length is used in many
> drivers. It will require a lot of changes. Maybe better leave it as is at
> least until a real problem occurs.
How will it require a lot of changes? No one should ever be assuming
that it is signed, do you see any problems?
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
