mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-12-27 11:06:41 -05:00
120642726e
The "offset" comes from the skb->data that we received. Here the code
is verifying that "offset + len" is within bounds however it does not
take integer overflows into account. Use size_add() to be safe.
This would only be an issue on 32bit systems which are probably a very
small percent of the users. Still, it's worth fixing just for
correctness sake.
Fixes: 42e9a92fe6 ("[SCSI] libfc: A modular Fibre Channel library")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <aNvPMet7TPtM9CY1@stanley.mountain>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>