On Mon, Sep 10, 2012 at 11:35:11AM +0100, David Vrabel wrote: > On 08/09/12 10:52, Dan Carpenter wrote: > > If m.num is too large then the "m.num * sizeof(*m.arr)" multiplication > > could overflow and the access_ok() check wouldn't test the right size. > > m.num is range checked later on so it doesn't matter that the > access_ok() checks might be wrong. A bit subtle, perhaps. > Yeah. It's too subtle for my static checker but not so subtle for a human being. Laziness on my part. Please drop this patch. regards, dan carpenter _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
