lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Jan 2008 10:36:37 +0100 From: Takashi Iwai <tiwai@...e.de> To: Al Viro <viro@...IV.linux.org.uk> Cc: linux-kernel@...r.kernel.org Subject: Re: something odd in emu10k1/emufx At Sat, 19 Jan 2008 02:16:14 +0000, Al Viro wrote: > > In copy_tlv() we have > tlv = kmalloc(data[1] * 4 + sizeof(data), GFP_KERNEL); > if (!tlv) > return NULL; > memcpy(tlv, data, sizeof(data)); > if (copy_from_user(tlv + 2, _tlv + 2, data[1])) { > kfree(tlv); > return NULL; > } > which looks rather odd, since either we kmalloc too much or copy too little... > Comments? It's the former case. The total length should be data[1] + sizeof(data). I fixed on ALSA tree now. Thanks, Takashi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists