| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Aug 2019 11:25:56 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Jan Kara <jack@...e.cz>
Cc: "zhangyi (F)" <yi.zhang@...wei.com>, linux-ext4@...r.kernel.org,
adilger.kernel@...ger.ca
Subject: Re: [PATCH] ext4: fix integer overflow when calculating commit
interval
On Mon, Aug 26, 2019 at 05:30:14PM +0200, Jan Kara wrote:
> On Mon 26-08-19 22:35:47, zhangyi (F) wrote:
> > If user specify a large enough value of "commit=" option, it may trigger
> > signed integer overflow which may lead to sbi->s_commit_interval becomes
> > a large or small value, zero in particular.
> >
> > UBSAN: Undefined behaviour in ../fs/ext4/super.c:1592:31
> > signed integer overflow:
> > 536870912 * 1000 cannot be represented in type 'int'
> > [...]
> > Call trace:
> > [...]
> > [<ffffff9008a2d120>] ubsan_epilogue+0x34/0x9c lib/ubsan.c:166
> > [<ffffff9008a2d8b8>] handle_overflow+0x228/0x280 lib/ubsan.c:197
> > [<ffffff9008a2d95c>] __ubsan_handle_mul_overflow+0x4c/0x68 lib/ubsan.c:218
> > [<ffffff90086d070c>] handle_mount_opt fs/ext4/super.c:1592 [inline]
> > [<ffffff90086d070c>] parse_options+0x1724/0x1a40 fs/ext4/super.c:1773
> > [<ffffff90086d51c4>] ext4_remount+0x2ec/0x14a0 fs/ext4/super.c:4834
> > [...]
> >
> > Although it is not a big deal, still silence the UBSAN by limit the
> > input value.
> >
> > Signed-off-by: zhangyi (F) <yi.zhang@...wei.com>
>
> Looks good to me. You can add:
>
> Reviewed-by: Jan Kara <jack@...e.cz>
Thanks, applied.
- Ted
Powered by blists - more mailing lists