-
由 Xi Wang 提交于
A large `nents' from userspace could overflow the allocation size, leading to memory corruption. | alloc_sglist() | usbtest_ioctl() Use kmalloc_array() to avoid the overflow. Signed-off-by: NXi Wang <xi.wang@gmail.com> Acked-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
8bde9a62