[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [patch 1/3] xen/privcmd: check for integer overflow in ioctl
On Mon, Sep 10, 2012 at 11:35:11AM +0100, David Vrabel wrote: > On 08/09/12 10:52, Dan Carpenter wrote: > > If m.num is too large then the "m.num * sizeof(*m.arr)" multiplication > > could overflow and the access_ok() check wouldn't test the right size. > > m.num is range checked later on so it doesn't matter that the > access_ok() checks might be wrong. A bit subtle, perhaps. > Yeah. It's too subtle for my static checker but not so subtle for a human being. Laziness on my part. Please drop this patch. regards, dan carpenter _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |