On Mon, Sep 08, 2014 at 02:40:33PM +0200, Stefan Richter wrote:
On Sep 08 Stefan Richter wrote:
On Sep 08 Dan Carpenter wrote:
program_info_length is user controlled and can go up to 4095. The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.
On Sep 08 Dan Carpenter wrote:
program_info_length is user controlled and can go up to 4095. The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
Reviewed-by: Stefan Richter
On Sep 08 Stefan Richter wrote:
On Sep 08 Dan Carpenter wrote:
program_info_length is user controlled and can go up to 4095. The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com