• NeilBrown's avatar
    md: avoid signed overflow in slot_store() · 3bc57292
    NeilBrown authored
    slot_store() uses kstrtouint() to get a slot number, but stores the
    result in an "int" variable (by casting a pointer).
    This can result in a negative slot number if the unsigned int value is
    very large.
    
    A negative number means that the slot is empty, but setting a negative
    slot number this way will not remove the device from the array.  I don't
    think this is a serious problem, but it could cause confusion and it is
    best to fix it.
    Reported-by: default avatarDan Carpenter <error27@gmail.com>
    Signed-off-by: default avatarNeilBrown <neilb@suse.de>
    Signed-off-by: default avatarSong Liu <song@kernel.org>
    3bc57292
md.c 260 KB