| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220915054909.81394-1-jiapeng.chong@linux.alibaba.com>
Date: Thu, 15 Sep 2022 13:49:09 +0800
From: Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>
To: axboe@...nel.dk
Cc: asml.silence@...il.com, io-uring@...r.kernel.org,
linux-kernel@...r.kernel.org,
Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>,
Abaci Robot <abaci@...ux.alibaba.com>
Subject: [PATCH] io_uring: rw: Fix an unsigned comparison which can never be negative
The parameter 'res' is defined as unsigned type, so the following if
statement is invalid, we can modify the type of res to long.
if (res < 0)
res = io->bytes_done;
else
res += io->bytes_done;
io_uring/rw.c:265 io_fixup_rw_res() warn: unsigned 'res' is never less than zero.
Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2184
Reported-by: Abaci Robot <abaci@...ux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>
---
io_uring/rw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/io_uring/rw.c b/io_uring/rw.c
index b777c35378b9..08d88481153c 100644
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -256,7 +256,7 @@ static bool __io_complete_rw_common(struct io_kiocb *req, long res)
return false;
}
-static inline unsigned io_fixup_rw_res(struct io_kiocb *req, unsigned res)
+static inline unsigned io_fixup_rw_res(struct io_kiocb *req, long res)
{
struct io_async_rw *io = req->async_data;
--
2.20.1.7.g153144c
Powered by blists - more mailing lists