[PATCH] drivers/staging/bcm: Integer overflow
Dan Carpenter
dan.carpenter at oracle.com
Fri Dec 20 11:18:47 UTC 2013
On Fri, Dec 20, 2013 at 07:07:38PM +0800, Wenliang Fan wrote:
> The checking condition in 'validateFlash2xReadWrite()' is not
> sufficient. A large number invalid would cause an integer overflow and
> pass the condition, which could cause further integer overflows in
> 'Bcmchar.c:bcm_char_ioctl()'.
>
> Signed-off-by: Wenliang Fan <fanwlexca at gmail.com>
Looks good.
Reviewed-by: Dan Carpenter <dan.carpenter at oracle.com>
regards,
dan carpenter
More information about the devel
mailing list