On Wed, 2012-04-25 at 14:46 +0200, Christian König wrote:
> Aligning offset can make it bigger than tmp->offset
> leading to an overrun bug in the following subtraction.
>
> Signed-off-by: Christian König <deathsimple at vodafone.de>

Please add

Cc: stable at vger.kernel.org

to the commit log (but don't send the patch to that address during review). That way, once Linus merges the fix, it'll be picked up for the 3.3.y stable tree.

With that addition,

Reviewed-by: Michel Dänzer <michel.daenzer at amd.com>

-- 
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Debian, X and DRI developer