From c455b175a7cfdbcb11fd3662abcd83d6c6599091 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač
Date: Wed, 30 Jun 2010 14:03:21 +0200
Subject: Describe why there is no integer overflow.
---
 ncr-data.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ncr-data.c b/ncr-data.c
index 012b920..93c69ac 100644
--- a/ncr-data.c
+++ b/ncr-data.c
@@ -82,6 +82,8 @@ struct data_item_st* item;
 static void* data_alloc(size_t size)
 {
 /* FIXME: enforce a maximum memory limit per process and per user */
+ /* ncr_data_set() relies this function enforcing a reasonable upper
+ limit. */
 if (size > 64*1024) {
 err();
 return NULL;
@@ -280,6 +282,8 @@ int ncr_data_set(struct list_sem_st* lst, void __user* arg)
 }
 data->data_size = get.data_size;
 } else {
+ /* get.data_size <= data->max_data_size, which is limited in
+ data_alloc(), so there is no integer overflow. */
 if (get.data_size+data->data_size > data->max_data_size) {
 err();
 ret = -EINVAL;
-- 
cgit
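Review bot: The comment added before the append-path check in the second hunk justifies the absence of overflow by an invariant (`get.data_size <= data->max_data_size`) that is not established on any visible line of ncr_data_set(), so a later change to the earlier validation could silently invalidate the comment while the addition `get.data_size+data->data_size` stays as written. Rewriting the check in subtractive form removes that dependency: `if (get.data_size > data->max_data_size - data->data_size) {` cannot overflow as long as data->data_size never exceeds max_data_size, which this very check maintains; the types of the two fields are not visible here, so confirm both are unsigned before relying on that. The comment in the first hunk also has a wording slip and would read `/* ncr_data_set() relies on this function enforcing a reasonable upper limit. */`, ideally naming the 64*1024 bound it refers to. ncr_data_set() starts and ends outside the hunk.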