I think you sure know linux kernel patches from grsecurity. In follow tweet you can read about size overflow in patch from grsec. Tweet was in the meanwhile deleted. So what is the problem in this patch? When you change int (signed value) to size_t (unsigned value), you have to be sure you are saving unsigned value. room = N_TTY_BUF_SIZE - (ldata->read_head - tail); And what happens when the right site will have negative value?...
::::::::::. :::::::.. :::.,:::::: ::: ... . : `;;;```.;;;;;;;``;;;; ;;;;;;;'''' ;;; .;;;;;;;. ;;,. ;;; `]]nnn]]' [[[,/[[[' [[[ [[cccc [[[ ,[[ \[[,[[[[, ,[[[[, $$$"" $$$$$$c $$$ $$"""" $$' $$$, $$$$$$$$$$$"$$$ 888o 888b "88bo,888 888oo,__ o88oo,.__"888,_ _,88P888 Y88" 888o YMMMb MMMM "W" MMM """"YUMMM""""YUMMM "YMMMMMP" MMM M' "MMM prielom #1, 6.1.98, prielom(at)hysteria.sk, http://hysteria.sk/prielom/ intro vianocny kapor bol super, ze ? ked som na stedry den tlacil do hlavy vyprazaneho kapra, bola este fajn atmoska, ked som sa vsak potom vramci po-vianocnych rodinnych navstev musel pozerat na spontanne-slintajucu babicku, sxizoidnu tetu a ozraleho stryka a potom nastupit po novom roku do roboty, bolo po nalade....