Since vwrite() has already check whether overflow, as a pair function, vread() also need do the same thing.
Since vwrite() check the source buffer address, vread() should check the destination buffer address. Signed-off-by: Chen Gang <[email protected]> --- mm/nommu.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/mm/nommu.c b/mm/nommu.c index 886e07c..0614ee1 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -282,6 +282,10 @@ EXPORT_SYMBOL(vmalloc_to_pfn); long vread(char *buf, char *addr, unsigned long count) { + /* Don't allow overflow */ + if ((unsigned long) buf + count < count) + count = -(unsigned long) buf; + memcpy(buf, addr, count); return count; } -- 1.7.7.6 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
