| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101115081457.GC21614@bicker> Date: Mon, 15 Nov 2010 11:14:57 +0300 From: Dan Carpenter <error27@...il.com> To: walter harms <wharms@....de> Cc: Geert Uytterhoeven <geert@...ux-m68k.org>, Paul Mundt <lethal@...ux-sh.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [patch 2/2] fbcmap: integer overflow bug On Mon, Nov 15, 2010 at 09:01:14AM +0100, walter harms wrote: > I do not see the rest of the code but it looks like > cmap->len is size in int8_t. So the upper limit is something like > INT_MAX/(sizeof(u16)*2). Perhaps we can call it a char ? > is there ANY system that has a more than 256 colors in R|G|B ? > Yeah. There are. I had a list of some but I've deleted it. > <spying for struct fb_cmap_user > > __u32 len; > __u16 __user *red; > > So no need to check for <0. I test size which is an int so that's why it's needed. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists