| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXOcjQqvE3TNUlel@smile.fi.intel.com>
Date: Fri, 23 Jan 2026 18:06:37 +0200
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Dmitry Antipov <dmantipov@...dex.ru>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>,
"Darrick J . Wong" <djwong@...nel.org>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2 1/3] lib: fix _parse_integer_limit() to handle overflow
On Fri, Jan 23, 2026 at 02:46:45PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', replace native integer arithmetic with
> 'check_mul_overflow()' and 'check_add_overflow()' to check whether
> an intermediate result goes out of range, and denote such a case
> with ULLONG_MAX. Adjust comment to kernel-doc style as well.
Probably you also wanted to say that this is to be aligned with libc behaviour
of strto*()?
...
> /*
> + * Accumulate result if no overflow detected.
> + * Otherwise just consume valid characters.
> */
> + if (res != ULLONG_MAX) {
Here I would put another comment explaining that the order operations matters
(has a side effect), id est the result of the first one is used in the second
one.
/*
* Keep an eye on the order.
*
* @tmp is being used in the second operation,
* if the first one succeeds.
*/
> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> rv |= KSTRTOX_OVERFLOW;
> + }
> }
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists