| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260212143239.7039596a@pumpkin>
Date: Thu, 12 Feb 2026 14:32:39 +0000
From: David Laight <david.laight.linux@...il.com>
To: Andy Shevchenko <andriy.shevchenko@...el.com>
Cc: Dmitry Antipov <dmantipov@...dex.ru>, Andrew Morton
<akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>, "Darrick J .
Wong" <djwong@...nel.org>, linux-hardening@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 1/5] lib: fix _parse_integer_limit() to handle
overflow
On Thu, 12 Feb 2026 15:41:59 +0200
Andy Shevchenko <andriy.shevchenko@...el.com> wrote:
> On Thu, Feb 12, 2026 at 03:56:24PM +0300, Dmitry Antipov wrote:
> > In '_parse_integer_limit()', adjust native integer arithmetic
> > with near-to-overflow branch where 'check_mul_overflow()' and
> > 'check_add_overflow()' are used to check whether an intermediate
> > result goes out of range, and denote such a case with ULLONG_MAX,
> > thus making the function more similar to standard C library's
> > 'strtoull()'. Adjust comment to kernel-doc style as well.
>
> ...
>
> > + for (rv = 0; max_chars--; rv++, s++) {
>
> Hmm... is max_chars being used inside for-loop body? I would rather use regular
> pattern here:
>
> for (rv = 0; rv < max_chars; rv++, s++) {
>
> (just check that any integer / sign promotion doesn't change the logic).
>
The 'problem' is that the loop sets 'OVERFLOW' in rv.
But that is easily solved.
The smallest code is probably from the slightly horrid:
rv = max_chars;
lim = s + max_chars;
while (s < lim) {
ch = *s++;
..
}
return rv - (lim - s);
although that relies on max_chars being sane.
David
Powered by blists - more mailing lists