Commit ac517c3f authored by Linus Torvalds's avatar Linus Torvalds

The fast poll code incorrectly assumed that "sizeof pp" was the same

as "offsetof pp->entries". Which happens to be true on 32-bit platforms,
but not on 64-bit ones.

From Anton Blanchard.
parent 56eb992e
...@@ -471,7 +471,7 @@ asmlinkage long sys_poll(struct pollfd * ufds, unsigned int nfds, long timeout) ...@@ -471,7 +471,7 @@ asmlinkage long sys_poll(struct pollfd * ufds, unsigned int nfds, long timeout)
walk->next = pp; walk->next = pp;
walk = pp; walk = pp;
if (copy_from_user(pp+1, ufds + nfds-i, if (copy_from_user(pp->entries, ufds + nfds-i,
sizeof(struct pollfd)*pp->len)) { sizeof(struct pollfd)*pp->len)) {
err = -EFAULT; err = -EFAULT;
goto out_fds; goto out_fds;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment