On 08/31/2012 12:33 PM, Nick Clifton wrote:
Hi DJ, Hi Ian,
The _objalloc_alloc() function is currently vulnerable to an integer
overflow if it is passed a negative length. For example if called
with len = -3 and assuming that OBJALLOC_ALIGN is 4 then:
line 122: len = (len + OBJA
Hi DJ, Hi Ian,
The _objalloc_alloc() function is currently vulnerable to an integer
overflow if it is passed a negative length. For example if called
with len = -3 and assuming that OBJALLOC_ALIGN is 4 then:
line 122: len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);
So len
