[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1907051230340.1802@nanos.tec.linutronix.de>
Date: Fri, 5 Jul 2019 14:14:55 +0200 (CEST)
From: Thomas Gleixner <tglx@...utronix.de>
To: zhengbin <zhengbin13@...wei.com>
cc: john.stultz@...aro.org, sboyd@...nel.org,
linux-kernel@...r.kernel.org, yi.zhang@...wei.com,
zhangxiaoxu5@...wei.com
Subject: Re: [PATCH] time: compat settimeofday: Validate the values of tv
from user
Zhengbin,
On Fri, 5 Jul 2019, zhengbin wrote:
> Similar to commit 6ada1fc0e1c4
> ("time: settimeofday: Validate the values of tv from user"),
> an unvalidated user input is multiplied by a constant, which can result
> in an undefined behaviour for large values. While this is validated
> later, we should avoid triggering undefined behaviour.
I surely agree with the patch, but the argument that this is validated
later and we just should avoid UB in general is just wrong.
For a wide range of negative tv_usec values the multiplication overflow
turns them in positive numbers. So the 'validated later' is not catching
the invalid input.
So 'should avoid ....' is just the wrong argument here.
Validation _is_ required before the multiplication so UB won't turn an
invalid value into a valid one.
Thanks,
tglx
Powered by blists - more mailing lists