xiaomi-sm8450/android_kernel_xiaomi_sm8450

acct: fix potential integer overflow in encode_comp_t()

[ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ]

The integer overflow is descripted with following codes:
  > 317 static comp_t encode_comp_t(u64 value)
  > 318 {
  > 319         int exp, rnd;
    ......
  > 341         exp <<= MANTSIZE;
  > 342         exp += value;
  > 343         return exp;
  > 344 }

Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.

Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Zheng Yejian <[email protected]>
Cc: Hanjun Guo <[email protected]>
Cc: Randy Dunlap <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Zhang Jinhao <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>

Zheng Yejian 4 years ago

parent

ec93b5430e

commit

6edd0cdee5

1 changed files with 2 additions and 0 deletions

Split View Show Diff Stats

						
							+ 2
							
							- 0
						
kernel/acct.c
							 
								View File
							
				@@ -331,6 +331,8 @@ static comp_t encode_comp_t(unsigned long value)
			
				 		exp++;
			
				 	}
			
				+	if (exp > (((comp_t) ~0U) >> MANTSIZE))
			
				+		return (comp_t) ~0U;
			
				 	/*
			
				 	 * Clean it up and polish it off.
			
				 	 */

acct: fix potential integer overflow in encode_comp_t()

+ 2 - 0 kernel/acct.c View File

+ 2 - 0
kernel/acct.c
View File