| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Mar 2009 08:04:09 +0100 From: Jens Axboe <jens.axboe@...cle.com> To: Roel Kluin <roel.kluin@...il.com> Cc: lkml <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] loop: don't increment p->offset with (size_t) -EINVAL On Wed, Mar 04 2009, Roel Kluin wrote: > Upon a 'transfer error block' size is set to -EINVAL, but this becomes positive > since size is unsigned: p->offset still gets incremented. > > Signed-off-by: Roel Kluin <roel.kluin@...il.com> > --- > diff --git a/drivers/block/loop.c b/drivers/block/loop.c > index edbaac6..bf03455 100644 > --- a/drivers/block/loop.c > +++ b/drivers/block/loop.c > @@ -392,8 +392,7 @@ lo_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, > struct loop_device *lo = p->lo; > struct page *page = buf->page; > sector_t IV; > - size_t size; > - int ret; > + int size, ret; > > ret = buf->ops->confirm(pipe, buf); > if (unlikely(ret)) Good catch! Applied. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists