--- zzzz-none-000/linux-2.6.19.2/net/bridge/br_ioctl.c	2007-01-10 19:10:37.000000000 +0000
+++ davinci-8020-5505/linux-2.6.19.2/net/bridge/br_ioctl.c	2007-01-11 07:38:19.000000000 +0000
@@ -58,13 +58,12 @@
 {
 	int num;
 	void *buf;
-	size_t size;
+	size_t size = maxnum * sizeof(struct __fdb_entry);
 
-	/* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
-	if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
+	if (size > PAGE_SIZE) {
+		size = PAGE_SIZE;
 		maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
-
-	size = maxnum * sizeof(struct __fdb_entry);
+	}
 
 	buf = kmalloc(size, GFP_USER);
 	if (!buf)