On Thu, Dec 07, 2017 at 09:19:29PM +0000, Ben Hutchings wrote:
The checks for whether another region/block header could be present are subtracting the size from the current offset. Obviously we should instead subtract the offset from the size.
The checks for whether the region/block data fit in the file are adding the data size to the current offset and header size, without checking for integer overflow. Rearrange these so that overflow is impossible.
Cc: stable@vger.kernel.org Signed-off-by: Ben Hutchings ben.hutchings@codethink.co.uk
Acked-by: Charles Keepax ckeepax@opensource.cirrus.com Tested-by: Charles Keepax ckeepax@opensource.cirrus.com
But you would probably be best to resend and include Mark Brown in the To: field. He applies the Wolfson patches directly to his tree and he might miss it since it just went to the list.
Thanks, Charles