Re: 2.6.8-rc2-mm1

From: viro
Date: Wed Jul 28 2004 - 18:12:21 EST

Next message: Nigel Cunningham: "Re: [Patch] Per kthread freezer flags"
Previous message: Andrew Morton: "Re: [PATCH][PPC32] Makefile cleanups and gcc-3.4+binutils-2.14check"
In reply to: Johannes Stezenbach: "Re: 2.6.8-rc2-mm1"
Next in thread: Johannes Stezenbach: "Re: 2.6.8-rc2-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 29, 2004 at 12:24:55AM +0200, Johannes Stezenbach wrote:
> Signed-off-by: Johannes Stezenbach <js@xxxxxxxxxxxxxx>
>
> --- linux-2.6.8-rc2/drivers/media/dvb/dvb-core/dvb_functions.c.orig 2004-07-29 00:19:50.000000000 +0200
> +++ linux-2.6.8-rc2/drivers/media/dvb/dvb-core/dvb_functions.c 2004-07-29 00:20:05.000000000 +0200
> @@ -36,7 +36,7 @@ int dvb_usercopy(struct inode *inode, st
> /* Copy arguments into temp kernel buffer */
> switch (_IOC_DIR(cmd)) {
> case _IOC_NONE:
> - parg = NULL;
> + parg = (void *) arg;

Mind explaining why it is the right thing to do? You are creating a kernel
pointer out of value passed to you by userland and feed it to a function
that expects a kernel pointer. Which is an invitation for trouble - if
it ends up dereferenced, we are screwed and won't notice that.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nigel Cunningham: "Re: [Patch] Per kthread freezer flags"
Previous message: Andrew Morton: "Re: [PATCH][PPC32] Makefile cleanups and gcc-3.4+binutils-2.14check"
In reply to: Johannes Stezenbach: "Re: 2.6.8-rc2-mm1"
Next in thread: Johannes Stezenbach: "Re: 2.6.8-rc2-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]