On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote: > There is a potential integer overflow in do_insnlist_ioctl() if > userspace passes in a large insnlist.n_insns. The call to kmalloc() > would allocate a small buffer, leading to a memory corruption. > > The bug was reported by Dan Carpenter <[email protected]> > and Haogang Chen <[email protected]>. The patch was suggested by > Ian Abbott <[email protected]> and Lars-Peter Clausen <[email protected]>. > > Signed-off-by: Xi Wang <[email protected]>
Hm, I already applied Dan's previous patch, what should I do with this one now? Revert Dan's and apply this one, or apply both of them, or something else? confused, greg k-h _______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
