In qlaxxx/qla_os.c, the copy_mem_info function can cause proc_file_read
to produce an "Apparent buffer overflow" error.
For illistration, lets assume we enter with
info->offset = 0
info->len = PAGE_SIZE (16384 on ia64 where I am seeing this)
info->pos = 0
We pass in a data buffer that is 16386 bytes long.
As a result, the first len check in copy_mem_info will restrict len to
16384. At the end of copy, info->buffer += len will point info->buffer
at the first byte of the next page.
When the qla2x00_proc_info read function returns to proc_file_read it
will check start >= page + PAGE_SIZE in the else case on fs/proc/generic.c
line 158, and produce a warning.
I am not sure what the correct fix is for this. Any guidance would
be appreciated.
Thanks,
Robin Holt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]