On Sun, Sep 09, 2012 at 04:16:58PM +0200, Sasha Levin wrote:
> device_write only checks whether the request size is big enough, but it 
> doesn't
> check if the size is too big.
> 
> At that point, it also tries to allocate as much memory as the user has 
> requested
> even if it's too much. This can lead to OOM killer kicking in, or memory 
> corruption
> if (count + 1) overflows.

thanks, pushed to next

Reply via email to