| To: | wzt.wzt@xxxxxxxxx |
|---|---|
| Subject: | Re: [PATCH] xfs: Fix integer overflow in fs/xfs/linux-2.6/xfs_ioctl*.c |
| From: | Dave Chinner <david@xxxxxxxxxxxxx> |
| Date: | Thu, 25 Mar 2010 08:54:36 +1100 |
| Cc: | linux-kernel@xxxxxxxxxxxxxxx, xfs-masters@xxxxxxxxxxx, aelder@xxxxxxx |
| In-reply-to: | <20100317031947.GB2796@xxxxxxxxxxxxxxxxxxxxx> |
| References: | <20100317031947.GB2796@xxxxxxxxxxxxxxxxxxxxx> |
| User-agent: | Mutt/1.5.20 (2009-06-14) |
On Wed, Mar 17, 2010 at 11:19:47AM +0800, wzt.wzt@xxxxxxxxx wrote: > The am_hreq.opcount field in the xfs_attrmulti_by_handle() interface > is not bounded correctly. The opcount is used to determine the size > of the buffer required. The size is bounded, but can overflow and so > the size checks may not be sufficient to catch invalid opcounts. > Fix it by catching opcount values that would cause overflows before > calculating the size. > > Signed-off-by: Zhitong Wang <zhitong.wangzt@xxxxxxxxxxxxxxx> Looks good now. I'll queue it up with all the other pending changes I have. Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [PATCH] xfs: Fix integer overflow in fs/xfs/linux-2.6/xfs_ioctl*.c, wzt . wzt |
|---|---|
| Next by Date: | [Bug 15516] Assertion failed: __xfs_iflags_test(ip, XFS_IRECLAIMABLE), bugzilla-daemon |
| Previous by Thread: | [PATCH] xfs: Fix integer overflow in fs/xfs/linux-2.6/xfs_ioctl*.c, wzt . wzt |
| Next by Thread: | [Bug 874] New: non-default extsize values introduces garbage into holey files, bugzilla-daemon |
| Indexes: | [Date] [Thread] [Top] [All Lists] |