| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aV6ye_vv_0N-SsLu@smile.fi.intel.com> Date: Wed, 7 Jan 2026 21:22:35 +0200 From: Andy Shevchenko <andriy.shevchenko@...el.com> To: Dmitry Antipov <dmantipov@...dex.ru> Cc: Carlos Maiolino <cem@...nel.org>, Christoph Hellwig <hch@...radead.org>, Kees Cook <kees@...nel.org>, Andy Shevchenko <andy@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-xfs@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] lib: introduce simple error-checking wrapper for memparse() On Wed, Jan 07, 2026 at 09:36:13PM +0300, Dmitry Antipov wrote: > Introduce 'memvalue()' which uses 'memparse()' to parse a string with > optional memory suffix into a number and returns this number or ULLONG_MAX > if the number is negative or an unrecognized character was encountered. Reading the second patch in the series I do not think this one even needed. The problem in the original code is that int *res, _res; ... *res = _res << something; This is a UB for _res < 0. So, the code should never handle negative numbers to begin with. That said the existing memparse() can be used directly. If I missed something, it's because the commit message here is poorly written in regard to negative number parsing. -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists