[AMD64] Possible bug in fs/read_write.c::rw_verify_area
From: Bruno Ducrot (poup_at_poupinou.org)
Date: 11/09/05
- Previous message: GlobalDesign: "DO NOT WASTE YOUR TIME, READ!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 9 Nov 2005 11:37:01 +0100 To: linux-kernel@vger.kernel.org
Hi all,
fs/read_write.c::rw_verify_area check if the count for a read/write is
valid. Unfortunately, this check assume that a size_t is an int, which
is wrong at least on AMD64 architecture.
This fix is not correct also in general: it is wrong to assume
that size_t is a long int. A correct fix would be to introduce
a new constant (say SSIZE_MAX) for each supported architecture
and to use that contstant instead. I'm not an expert on this and
it is why I don't do it (sorry). But at least the following patch
is ok for more achitecture, I believe.
Signed-off-by: Bruno Ducrot <ducrot@poupinou.org>
--- linux-2.6.14/fs/read_write.c 2005/11/09 10:19:04 1.1
+++ linux-2.6.14/fs/read_write.c 2005/11/09 10:19:40
@@ -188,7 +188,7 @@ int rw_verify_area(int read_write, struc
struct inode *inode;
loff_t pos;
- if (unlikely(count > INT_MAX))
+ if (unlikely(count > LONG_MAX))
goto Einval;
pos = *ppos;
if (unlikely((pos < 0) || (loff_t) (pos + count) < 0))
-- Bruno Ducrot -- Which is worse: ignorance or apathy? -- Don't know. Don't care. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Previous message: GlobalDesign: "DO NOT WASTE YOUR TIME, READ!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
