[PATCH v5 1/2] lib/mpi: Fix buffer overrun when SG is too long

Fri Dec 30 15:39:30 UTC 2022

On Fri, Dec 30, 2022 at 01:35:07PM +0000, David Laight wrote:
>
> miter.length is size_t (unsigned long on 64bit) and nbytes unsigned int.

miter.length is bounded by sg->length which is unsigned int.

Cheers,
-- 
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt