~hc/RK356X_SDK_RELEASE.git

..	..	@@ -7276,10 +7276,10 @@
7276	7276	/*
7277	7277	* Check that we don't overflow at later allocations, we request
7278	7278	* clone_sources_count + 1 items, and compare to unsigned long inside
7279		- * access_ok.
	7279	+ * access_ok. Also set an upper limit for allocation size so this can't
	7280	+ * easily exhaust memory. Max number of clone sources is about 200K.
7280	7281	*/
7281		- if (arg->clone_sources_count >
7282		- ULONG_MAX / sizeof(struct clone_root) - 1) {
	7282	+ if (arg->clone_sources_count > SZ_8M / sizeof(struct clone_root)) {
7283	7283	ret = -EINVAL;
7284	7284	goto out;
7285	7285	}