On Wed, Mar 04, 2009 at 12:07:49AM +0100, Roel Kluin wrote: > Greg KH wrote: > > On Tue, Mar 03, 2009 at 10:48:43PM +0100, Roel Kluin wrote: > >> vi include/linux/usb.h +1373 > >> struct urb { > >> ... > >> int transfer_buffer_length; > >> ... > >> } > >> So I think something like this is needed? > > > > Have you ever seen a transfer_buffer_length set to anywhere close to the > > MAX_INT value to trigger this? Or a negative value? > > I observed this by code inspection. > > > How about just changing transfer_buffer_length to a u32, that should > > solve it, right? > > That seems a sensible solution, but transfer_buffer_length is used in many > drivers. It will require a lot of changes. Maybe better leave it as is at > least until a real problem occurs. How will it require a lot of changes? No one should ever be assuming that it is signed, do you see any problems? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html