[rds-devel] [patch] rds: fix an integer overflow test in rds_info_getsockopt()
David Miller
davem at davemloft.net
Mon Aug 3 15:20:28 PDT 2015
From: Dan Carpenter <dan.carpenter at oracle.com>
Date: Sat, 1 Aug 2015 15:33:26 +0300
> "len" is a signed integer. We check that len is not negative, so it
> goes from zero to INT_MAX. PAGE_SIZE is unsigned long so the comparison
> is type promoted to unsigned long. ULONG_MAX - 4095 is a higher than
> INT_MAX so the condition can never be true.
>
> I don't know if this is harmful but it seems safe to limit "len" to
> INT_MAX - 4095.
>
> Fixes: a8c879a7ee98 ('RDS: Info and stats')
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Applied, thanks Dan.
More information about the rds-devel
mailing list