lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <b4d8649c-5cda-42da-8b6c-058bd42b3484@astralinux.ru>
Date: Thu, 1 Feb 2024 15:01:20 +0300
From: Анастасия Любимова
 <abelova@...ralinux.ru>
To: Anders Larsen <al@...rsen.net>
Cc: linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH] qnx4: add upcasting to avoid overflow

Just a friendly reminder.

23/11/23 13:06, Anastasia Belova пишет:
> To avoid possible integer overflow in qnx4_statfs
> cast literal to unsigned long. Otherwise multiplication
> of two u32 may give a value that is outside of the range.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Anastasia Belova <abelova@...ralinux.ru>
> ---
>   fs/qnx4/inode.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
> index 6eb9bb369b57..4be8dba60567 100644
> --- a/fs/qnx4/inode.c
> +++ b/fs/qnx4/inode.c
> @@ -133,7 +133,7 @@ static int qnx4_statfs(struct dentry *dentry, struct kstatfs *buf)
>   
>   	buf->f_type    = sb->s_magic;
>   	buf->f_bsize   = sb->s_blocksize;
> -	buf->f_blocks  = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8;
> +	buf->f_blocks  = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8ul;
>   	buf->f_bfree   = qnx4_count_free_blocks(sb);
>   	buf->f_bavail  = buf->f_bfree;
>   	buf->f_namelen = QNX4_NAME_MAX;



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ