Re: [patch -resend] NVMe: check for integer overflow innvme_map_user_pages()

From: Matthew Wilcox
Date: Fri May 17 2013 - 09:41:35 EST

On Mon, May 13, 2013 at 05:59:50PM +0300, Dan Carpenter wrote:
> You need to have CAP_SYS_ADMIN to trigger this overflow but it makes the
> static checkers complain so we should fix it. The worry is that
> "length" comes from copy_from_user() so we need to check that "length +
> offset" can't overflow.
> I also changed the min_t() cast to be unsigned instead of signed. Now
> that we cap "length" to INT_MAX it doesn't make a difference, but it's a
> little easier for reviewers to know that large values aren't cast to
> negative.
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at