[PATCH] drivers/staging/bcm: Integer overflow

Dan Carpenter dan.carpenter at oracle.com
Fri Dec 20 11:18:47 UTC 2013


On Fri, Dec 20, 2013 at 07:07:38PM +0800, Wenliang Fan wrote:
> The checking condition in 'validateFlash2xReadWrite()' is not
> sufficient. A large number invalid would cause an integer overflow and
> pass the condition, which could cause further integer overflows in
> 'Bcmchar.c:bcm_char_ioctl()'.
> 
> Signed-off-by: Wenliang Fan <fanwlexca at gmail.com>

Looks good.

Reviewed-by: Dan Carpenter <dan.carpenter at oracle.com>

regards,
dan carpenter
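
The class of bug the quoted commit message describes, as an added example that is not part of this mail or of the bcm driver: a range check whose 32-bit sum wraps and accepts an out-of-range request, beside a form that uses only subtraction. The struct, field and function names and the sample values are assumptions; the driver's actual check is not shown on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request layout; names are assumptions, not the driver's. */
struct rw_request {
    uint32_t offset;    /* caller-supplied offset into the section */
    uint32_t num_bytes; /* caller-supplied length */
};

/* Overflow-prone form: the 32-bit sum can wrap past zero and land back
 * below sect_end, so an out-of-range request passes the check. */
static bool validate_wrapping(uint32_t sect_start, uint32_t sect_end,
                              const struct rw_request *req)
{
    return sect_start + req->offset + req->num_bytes <= sect_end;
}

/* Hardened form: each caller-supplied value is compared against the room
 * that is left, using subtraction only, so no intermediate can wrap. */
static bool validate_checked(uint32_t sect_start, uint32_t sect_end,
                             const struct rw_request *req)
{
    uint32_t sect_size;

    if (sect_end < sect_start)
        return false;
    sect_size = sect_end - sect_start;

    if (req->offset > sect_size)
        return false;
    if (req->num_bytes > sect_size - req->offset)
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample: 0x1000 + 0xFFFFF000 wraps to 0 in 32 bits. */
    struct rw_request huge = { 0xFFFFF000u, 0x100u };

    printf("wrapping check accepts: %d\n",
           validate_wrapping(0x1000u, 0x2000u, &huge));
    printf("checked form accepts:   %d\n",
           validate_checked(0x1000u, 0x2000u, &huge));
    return 0;
}
```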


