| Message ID | 4A15BA76.6080007@gmail.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Roel Kluin <roel.kluin@gmail.com> Date: Thu, 21 May 2009 22:32:54 +0200 > Do not go beyond ARRAY_SIZE of iwb->data > > Signed-off-by: Roel Kluin <roel.kluin@gmail.com> > --- > Sorry for the dup, the header was incorrect. This is against linux-next. Applied to net-2.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Am 22.05.2009 00:04 schrieb David Miller: > From: Roel Kluin <roel.kluin@gmail.com> > Date: Thu, 21 May 2009 22:32:54 +0200 > >> Do not go beyond ARRAY_SIZE of iwb->data >> >> Signed-off-by: Roel Kluin <roel.kluin@gmail.com> >> --- >> Sorry for the dup, the header was incorrect. This is against linux-next. > > Applied to net-2.6 Thanks for the CC. Unfortunately I didn't receive the original patch, nor can I find it on LKML. Could someone send me a copy please so that I can check it before it gets merged? Thanks, Tilman
diff --git a/drivers/isdn/gigaset/isocdata.c b/drivers/isdn/gigaset/isocdata.c index fbce522..5569a6e 100644 --- a/drivers/isdn/gigaset/isocdata.c +++ b/drivers/isdn/gigaset/isocdata.c @@ -177,7 +177,7 @@ int gigaset_isowbuf_getbytes(struct isowbuf_t *iwb, int size) return -EINVAL; } src = iwb->read; - if (unlikely(limit > BAS_OUTBUFSIZE + BAS_OUTBUFPAD || + if (unlikely(limit >= BAS_OUTBUFSIZE + BAS_OUTBUFPAD || (read < src && limit >= src))) { err("isoc write buffer frame reservation violated"); return -EFAULT;
Do not go beyond ARRAY_SIZE of iwb->data Signed-off-by: Roel Kluin <roel.kluin@gmail.com> --- Sorry for the dup, the header was incorrect. This is against linux-next. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html