[module] fix integer overflow in kvmfr_dmabuf_create

This commit is contained in:
four0four 2020-10-30 00:22:18 -07:00 committed by Geoffrey McRae
parent 3de2641d92
commit c0acfd1228
2 changed files with 3 additions and 3 deletions

View File

@ -1,5 +1,5 @@
PACKAGE_NAME="kvmfr"
PACKAGE_VERSION="0.0.3"
PACKAGE_VERSION="0.0.4"
BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
MAKE[0]="make KDIR=${kernel_source_dir}"
CLEAN="make KDIR=${kernel_source_dir} clean"

View File

@ -37,7 +37,7 @@ DEFINE_MUTEX(minor_lock);
DEFINE_IDR(kvmfr_idr);
#define KVMFR_UIO_NAME "KVMFR"
#define KVMFR_UIO_VER "0.0.3"
#define KVMFR_UIO_VER "0.0.4"
#define KVMFR_DEV_NAME "kvmfr"
#define KVMFR_MAX_DEVICES 10
@ -171,7 +171,7 @@ static long kvmfr_dmabuf_create(struct kvmfr_dev * kdev, struct file * filp, uns
return -EINVAL;
}
if (create.offset + create.size > kdev->size)
if ((create.offset + create.size > kdev->size) || (create.offset + create.size < create.offset))
return -EINVAL;
kbuf = kzalloc(sizeof(struct kvmfrbuf), GFP_KERNEL);