if (get_user(pathlen, &gfin->gf_pathlen))
RETURN(-EFAULT);
+ if (pathlen > PATH_MAX)
+ RETURN(-EINVAL);
+
outsize = sizeof(*gfout) + pathlen;
OBD_ALLOC(gfout, outsize);
if (gfout == NULL)
if (get_user(extent_count,
&((struct ll_user_fiemap __user *)arg)->fm_extent_count))
RETURN(-EFAULT);
+
+ if (extent_count >=
+ (SIZE_MAX - sizeof(*fiemap_s)) / sizeof(struct ll_fiemap_extent))
+ RETURN(-EINVAL);
num_bytes = sizeof(*fiemap_s) + (extent_count *
sizeof(struct ll_fiemap_extent));