| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wiDkpCdOdEHeSHKVwr6d5RJdVn7mLZaJO-mZkR=7hYkCA@mail.gmail.com>
Date: Tue, 11 Dec 2018 10:19:08 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: thomas.preston@...ethink.co.uk,
Andrew Morton <akpm@...ux-foundation.org>,
Petr Mladek <pmladek@...e.com>,
Steven Rostedt <rostedt@...dmis.org>, geert+renesas@...der.be,
Jonathan Corbet <corbet@....net>, tcharding <me@...in.cc>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
ben.dooks@...ethink.co.uk
Subject: Re: [PATCH 2/2] vsprintf: Stop using obsolete simple_strtoul()
On Tue, Dec 11, 2018 at 10:05 AM Andy Shevchenko
<andriy.shevchenko@...ux.intel.com> wrote:
>
> I think it's slightly more complicated, I run the following test case on glibc:
>
> uint32_t hi, lo, t;
>
> sscanf("00fafafafa0d0b0b0b0c000000", "%8x%8x%x", &hi, &lo, &t);
>
> 64-bit:
> HI: 00fafafa LO: fa0d0b0b (c000000)
> 32-bit:
> HI: 00fafafa LO: fa0d0b0b (ffffffff)
But that's exactly the values my pseudo-code gets (well, my
"pseudo-code obviously just said
// Now do "sign" and range checking on val
The three sub-parts are: "00fafafa" "fa0d0b0b" and "0b0c000000"
and the third one encounters an overflow in "long" on 32-bit, so it
turns into ~0.
And yes, the 64-bit "long" in that third value gets truncated to
"uint32" when written to "t" (which is wht that "0b" part just gets
lost.
And that's just because of historical C scanf behavior. There's no
overflow checking in "int". Only in "long" and "long long".
Linus
Powered by blists - more mailing lists