mirror of https://gitee.com/openkylin/linux.git
usb: usbtest: avoid integer overflow in alloc_sglist()
A large `nents' from userspace could overflow the allocation size, leading to memory corruption. | alloc_sglist() | usbtest_ioctl() Use kmalloc_array() to avoid the overflow. Signed-off-by: Xi Wang <xi.wang@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
e65cdfae71
commit
8bde9a62ee
|
@ -423,7 +423,7 @@ alloc_sglist(int nents, int max, int vary)
|
|||
unsigned i;
|
||||
unsigned size = max;
|
||||
|
||||
sg = kmalloc(nents * sizeof *sg, GFP_KERNEL);
|
||||
sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL);
|
||||
if (!sg)
|
||||
return NULL;
|
||||
sg_init_table(sg, nents);
|
||||
|
|
Loading…
Reference in New Issue