On Wed, 22 Jan 2025 16:49:17 +0300 Dan Carpenter wrote: > The "payload" variable is type size_t, however the nlmsg_total_size() > function will a few bytes to it and then truncate the result to type > int. That means that if "payload" is more than UINT_MAX the alloc_skb() > function might allocate a buffer which is smaller than intended. Is there a bug, or is this theoretical?
