git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'for-6.2-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave...
[sfrench/cifs-2.6.git] / fs / btrfs / send.c
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index e65e6b6600a744b240405ca4c973ccb55e9e85e1..d50182b6deec8fec035f9735b1a5e6ecefb8e27e 100644 (file)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -8073,10 +8073,10 @@ long btrfs_ioctl_send(struct inode *inode, struct btrfs_ioctl_send_args *arg)
        /*
         * Check that we don't overflow at later allocations, we request
         * clone_sources_count + 1 items, and compare to unsigned long inside
-        * access_ok.
+        * access_ok. Also set an upper limit for allocation size so this can't
+        * easily exhaust memory. Max number of clone sources is about 200K.
         */
-       if (arg->clone_sources_count >
-           ULONG_MAX / sizeof(struct clone_root) - 1) {
+       if (arg->clone_sources_count > SZ_8M / sizeof(struct clone_root)) {
                ret = -EINVAL;
                goto out;
        }
Unnamed repository; edit this file 'description' to name the repository.