From e73450c7b809ef8489805f1ada9cfacaea8055bb Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Fri, 8 Oct 2010 09:03:07 +0200
Subject: [PATCH] --- yaml --- r: 221469 b: refs/heads/master c: f63ae56e4e97fb12053590e41a4fa59e7daa74a4 h: refs/heads/master i: 221467: b5a4a0c49a2d258418a51af565671000d21ff4ed v: v3
---
 [refs] | 2 +-
 trunk/drivers/scsi/gdth.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/[refs] b/[refs]
index 2c3238f7770b..4788ae5c4b39 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 546ae796bfac6399e30da4b5af2cf7a6d0f8a4ec
+refs/heads/master: f63ae56e4e97fb12053590e41a4fa59e7daa74a4
diff --git a/trunk/drivers/scsi/gdth.c b/trunk/drivers/scsi/gdth.c
index 5a3f93101017..841101846b88 100644
--- a/trunk/drivers/scsi/gdth.c
+++ b/trunk/drivers/scsi/gdth.c
@@ -4177,6 +4177,14 @@ static int ioc_general(void __user *arg, char *cmnd)
 ha = gdth_find_ha(gen.ionode);
 if (!ha)
 return -EFAULT;
+
+ if (gen.data_len > INT_MAX)
+ return -EINVAL;
+ if (gen.sense_len > INT_MAX)
+ return -EINVAL;
+ if (gen.data_len + gen.sense_len > INT_MAX)
+ return -EINVAL;
+
+ if (gen.data_len + gen.sense_len != 0) {
 if (!(buf = gdth_ioctl_alloc(ha, gen.data_len + gen.sense_len, FALSE, &paddr)))
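Review bot: The sum test `gen.data_len + gen.sense_len > INT_MAX` is only reliable because the two checks before it bound each length first; if the fields are 32-bit unsigned (their declaration is outside the hunk), two unchecked values could wrap around and slip under the limit. Nothing in the new lines records that dependency, so a later cleanup that keeps only the sum test would silently reopen the overflow; I would add a comment above the three checks such as `/* Bound each user-supplied length before adding them so the sum cannot wrap. */`. INT_MAX is also a very generous ceiling for a buffer sized by an ioctl caller, and if the hardware or protocol has a smaller real maximum it would be the better bound, though that cannot be judged from these lines. The body of ioc_general() starts before and continues after this hunk.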