On Saturday 01 April 2006 04:35, Mitchell Blank Jr wrote:
> * I also changed "size" to be unsigned since that makes more sense and
> is less prone to overflow bugs. I'm also a little scared by the
> "kmalloc(6 * size)" since that type of call is a classic multiply-overflow
> security hole (hence libc's calloc() API). However "size" is constrained
> by fdt->max_fdset so I think it isn't exploitable. The kernel doesn't
> have an overflow-safe API for kmalloc'ing arrays, does it?
kcalloc. But it's slow since it memsets.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Video 4 Linux]
[Linux for the blind]