Alan Cox wrote:
> On Mon, 2002-07-22 at 15:08, Marcin Dalecki wrote:
>
>>- It is fixing completely confused wild casting to 32 bits.
>>
>>- Actually adding a comment explaining the obscure code, which is
>> relying on integer arithmetics overflow.
>
>
> Better yet take the code from 2.4.19-rc3. The code you fixed up is still
> wrong. Sincie iov_len is not permitted to exceed 2Gb (SuS v3, found by
> the LSB test suite) the actual fix turns out to be even simpler and
> cleaner than the one you did
You are right. It makes sese, since readv and writev are
supposed to return ssize_t. Fixed patch version attached.
--------------090509090901060700070806
Content-Type: text/plain;
name="read_write-2.5.27.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="read_write-2.5.27.diff"
diff -urN linux-2.5.27/fs/read_write.c linux/fs/read_write.c
--- linux-2.5.27/fs/read_write.c 2002-07-22 17:51:25.000000000 +0200
+++ linux/fs/read_write.c 2002-07-22 17:57:22.000000000 +0200
@@ -306,12 +306,16 @@
tot_len = 0;
ret = -EINVAL;
for (i = 0 ; i < count ; i++) {
- size_t tmp = tot_len;
- int len = iov[i].iov_len;
+ ssize_t tmp = tot_len;
+ ssize_t len = iov[i].iov_len;
+
+ /* check for SSIZE_MAX overflow */
if (len < 0)
goto out;
- (u32)tot_len += len;
- if (tot_len < tmp || tot_len < (u32)len)
+
+ tot_len += len;
+ /* check for overflows */
+ if (tot_len < tmp)
goto out;
}
--------------090509090901060700070806--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/