lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6b963674-fc5a-4abb-8678-a82d35a3f3fd@kadam.mountain>
Date:   Mon, 3 Jul 2023 15:42:29 +0300
From:   Dan Carpenter <dan.carpenter@...aro.org>
To:     Arnd Bergmann <arnd@...nel.org>
Cc:     Chuck Lever <chuck.lever@...cle.com>,
        Jeff Layton <jlayton@...nel.org>,
        Trond Myklebust <trond.myklebust@...merspace.com>,
        Anna Schumaker <anna@...nel.org>,
        Arnd Bergmann <arnd@...db.de>, Neil Brown <neilb@...e.de>,
        Olga Kornievskaia <kolga@...app.com>,
        Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>, Dan Carpenter <error27@...il.com>,
        linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org,
        llvm@...ts.linux.dev
Subject: Re: [PATCH] sunrpc: avoid constant-out-of-range warning with clang

On Mon, Jul 03, 2023 at 01:37:22PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@...db.de>
> 
> The overflow check in xdr_stream_decode_uint32_array() was added for
> 32-bit systems, but on 64-bit builds it causes a build warning when
> building with clang and W=1:
> 
> In file included from init/do_mounts.c:22:
> include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
>   778 |         if (len > SIZE_MAX / sizeof(*p))
> 
> Shut up the warning with a type cast.
> 
> Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  include/linux/sunrpc/xdr.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
> index f89ec4b5ea169..6736121ee6a03 100644
> --- a/include/linux/sunrpc/xdr.h
> +++ b/include/linux/sunrpc/xdr.h
> @@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
>  
>  	if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
>  		return -EBADMSG;
> -	if (len > SIZE_MAX / sizeof(*p))
> +	if ((size_t)len > SIZE_MAX / sizeof(*p))
>  		return -EBADMSG;
>  	p = xdr_inline_decode(xdr, len * sizeof(*p));

I sent a patch for this last week that takes a different approach.

https://lore.kernel.org/all/2390fdc8-13fa-4456-ab67-44f0744db412@moroto.mountain/

I probably should have used a Fixes tag just for informational purposes.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ