On Apr 6, 2012, at 5:18 PM, Greg Kroah-Hartman wrote: > How does that avoid the overflow? We still would have allocated a huge > chunk, which would not be good. How about bounding the size of nents > instead? kmalloc_array() checks for integer overflow. I agree with you that it's better to have a tight limit. We might also need to bound iterations to avoid overflow: context.count = param->sglen * param->iterations. How about limit them to 1024? - xi -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
