This function dereference a __user pointer.
Here is a proposed patch:
Signed-Off-By: Philippe R
> Summary: drivers/usb/core/devio.c dereference userspace pointer
> Kernel Version: 2.6.17-rc1
> Status: NEW
> Severity: normal
> Owner: firstname.lastname@example.org
> Submitter: email@example.com
> This function dereference a __user pointer.
> Here is a proposed patch:
> Signed-Off-By: Philippe R
Nope, not bug.
Note that iso_frame_desc is an array. Ie, ((struct usbdevfs_urb __user
*)arg)->iso_frame_desc is just arg + N, with N iso_frame_desc's offset inside
It could perhaps be clearer to say &(..)->iso_frame_desc, but being as how
that's the same thing, it's not a bug.
Yeah, I agree, this isn't a bug, and the patch from Andrew doesn't really make
much sense as it's just the same thing.