| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aYS_s0lleaOWeYud@smile.fi.intel.com>
Date: Thu, 5 Feb 2026 18:05:07 +0200
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Dmitry Antipov <dmantipov@...dex.ru>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>,
"Darrick J . Wong" <djwong@...nel.org>,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 2/5] lib: fix memparse() to handle overflow
On Thu, Feb 05, 2026 at 12:17:16PM +0300, Dmitry Antipov wrote:
> On Wed, 2026-02-04 at 16:42 +0200, Andy Shevchenko wrote:
> > On Wed, Feb 04, 2026 at 04:57:14PM +0300, Dmitry Antipov wrote:
> > > Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now
> > > capable to handle overflow, adjust 'memparse()' to handle overflow
> > > (denoted by ULLONG_MAX) returned from 'simple_strtoull()'. Also
> > > use 'check_shl_overflow()' to catch an overflow possibly caused
> > > by processing size suffix and denote it with ULLONG_MAX as well.
> >
> > Do we have already test cases to cover this?
>
> In
>
> static const struct cmdline_test_memparse_entry testdata[] = {
> ...
> { "1111111111111111111T", "", ULLONG_MAX },
> ...
> };
>
> the whole string is valid and so should be recognized by memparse(). Next,
> 1111111111111111111 fits unsigned long long but 1111111111111111111 << 40
> is too large and should be catched by check_shl_overflow().
But if there is a case already, how does it pass?
My understanding is that if we modify the code behaviour the test cases should
be amended at the same time. I guess I missed something here.
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists