diff options
author | Chen Gang <gang.chen@asianux.com> | 2013-07-03 15:02:36 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-07-03 16:07:31 -0700 |
commit | 9bde916bc73255dcee3d8aded990443675daa707 (patch) | |
tree | 5f8487f28ba847ff7b7ddf1df6493ba20d555ebd /mm/nommu.c | |
parent | dacbde0963d62a4962d5e8a5cc38dfd1f016124b (diff) | |
download | op-kernel-dev-9bde916bc73255dcee3d8aded990443675daa707.zip op-kernel-dev-9bde916bc73255dcee3d8aded990443675daa707.tar.gz |
mm/nommu.c: add additional check for vread() just like vwrite() has done
vwrite() checks for overflow. vread() should do the same thing.
Since vwrite() checks the source buffer address, vread() should check
the destination buffer address.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Michel Lespinasse <walken@google.com>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/nommu.c')
-rw-r--r-- | mm/nommu.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -282,6 +282,10 @@ EXPORT_SYMBOL(vmalloc_to_pfn); long vread(char *buf, char *addr, unsigned long count) { + /* Don't allow overflow */ + if ((unsigned long) buf + count < count) + count = -(unsigned long) buf; + memcpy(buf, addr, count); return count; } |