Displaying 1 result from an estimated 1 matches for "795179".
Did you mean:
95179
2012 Sep 13
2
potential integer overflow in xenbus_file_write()
Hi,
I was reading some code and had a question in xenbus_file_write()
drivers/xen/xenbus/xenbus_dev_frontend.c
461 if ((len + u->len) > sizeof(u->u.buffer)) {
^^^^^^^^^^^^
Can this addition overflow? Should the test be something like:
if (len > sizeof(u->u.buffer) || len + u->len > sizeof(u->u.buffer)) {
462 /* On