On Mon, 9 Apr 2012, Xi Wang wrote: > A large `nents' from userspace could overflow the allocation size, > leading to memory corruption. > > | alloc_sglist() > | usbtest_ioctl() > > Use kmalloc_array() to avoid the overflow. > > Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx> > Cc: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> > Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
