| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Feb 2015 16:02:31 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: green@...uxhacker.ru Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, devel@...verdev.osuosl.org, Andreas Dilger <andreas.dilger@...el.com>, Oleg Drokin <oleg.drokin@...el.com>, Dmitry Eremin <dmitry.eremin@...el.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 06/20] staging/lustre: fix comparison between signed and unsigned On Sun, Feb 01, 2015 at 09:52:05PM -0500, green@...uxhacker.ru wrote: > From: Dmitry Eremin <dmitry.eremin@...el.com> > > Expression if (size != (ssize_t)size) is always false. > Therefore no bounds check errors detected. The original code actually worked as designed. The integer overflow could only happen on 32 bit systems and the test only was true for 32 bit systems. > - if (size != (ssize_t)size) > + if (size > ~((size_t)0)>>1) > return -1; The problem is that the code was unclear. I think the new code is even more complicated to look at. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists