[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <yq1347vfnro.fsf@ca-mkp.ca.oracle.com>
Date: Mon, 06 Oct 2025 22:29:08 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Robert Love <robert.w.love@...el.com>, Hannes Reinecke <hare@...e.de>,
"James E.J. Bottomley" <James.Bottomley@...senpartnership.com>,
"Martin
K. Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] scsi: libfc: Prevent integer overflow in
fc_fcp_recv_data()
Dan,
> The "offset" comes from the skb->data that we received. Here the code
> is verifying that "offset + len" is within bounds however it does not
> take integer overflows into account. Use size_add() to be safe.
Applied to 6.18/scsi-staging, thanks!
--
Martin K. Petersen
Powered by blists - more mailing lists