mirror of
https://github.com/gnif/LookingGlass.git
synced 2024-11-22 05:27:20 +00:00
[module] fix integer overflow in kvmfr_dmabuf_create
This commit is contained in:
parent
3de2641d92
commit
c0acfd1228
@ -1,5 +1,5 @@
|
||||
PACKAGE_NAME="kvmfr"
|
||||
PACKAGE_VERSION="0.0.3"
|
||||
PACKAGE_VERSION="0.0.4"
|
||||
BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
|
||||
MAKE[0]="make KDIR=${kernel_source_dir}"
|
||||
CLEAN="make KDIR=${kernel_source_dir} clean"
|
||||
|
@ -37,7 +37,7 @@ DEFINE_MUTEX(minor_lock);
|
||||
DEFINE_IDR(kvmfr_idr);
|
||||
|
||||
#define KVMFR_UIO_NAME "KVMFR"
|
||||
#define KVMFR_UIO_VER "0.0.3"
|
||||
#define KVMFR_UIO_VER "0.0.4"
|
||||
#define KVMFR_DEV_NAME "kvmfr"
|
||||
#define KVMFR_MAX_DEVICES 10
|
||||
|
||||
@ -171,7 +171,7 @@ static long kvmfr_dmabuf_create(struct kvmfr_dev * kdev, struct file * filp, uns
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (create.offset + create.size > kdev->size)
|
||||
if ((create.offset + create.size > kdev->size) || (create.offset + create.size < create.offset))
|
||||
return -EINVAL;
|
||||
|
||||
kbuf = kzalloc(sizeof(struct kvmfrbuf), GFP_KERNEL);
|
||||
|
Loading…
Reference in New Issue
Block a user