| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Dec 2012 00:04:15 +0200 From: Sami Liedes <sami.liedes@....fi> To: linux-ext4@...r.kernel.org Subject: [PATCH 3/8] e2fsck/pass1.c: Fix undefined behavior in check_blocks() The offending code is this: pb.max_blocks = 1 << (31 - fs->super->s_log_block_size); While pb.max_blocks is of type blk64_t, the intermediate result of the expression '1 << 31' is int. However 1 << 31 does not fit in a 32-bit signed int, causing undefined behavior. Caught using clang -fsanitize=undefined. Signed-off-by: Sami Liedes <sami.liedes@....fi> --- e2fsck/pass1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c index a4bd956..9cd8832 100644 --- a/e2fsck/pass1.c +++ b/e2fsck/pass1.c @@ -2095,7 +2095,7 @@ static void check_blocks(e2fsck_t ctx, struct problem_context *pctx, pb.previous_block = 0; pb.is_dir = LINUX_S_ISDIR(inode->i_mode); pb.is_reg = LINUX_S_ISREG(inode->i_mode); - pb.max_blocks = 1 << (31 - fs->super->s_log_block_size); + pb.max_blocks = ((blk64_t)1) << (31 - fs->super->s_log_block_size); pb.inode = inode; pb.pctx = pctx; pb.ctx = ctx; -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists