[xfs-masters] [PATCH] xfs: Fix integer overflow in fs/xfs/linux-2.6/xfs_ioctl*.c
Dave Chinner
david at fromorbit.com
Wed Mar 24 16:54:36 CDT 2010
On Wed, Mar 17, 2010 at 11:19:47AM +0800, wzt.wzt at gmail.com wrote:
> The am_hreq.opcount field in the xfs_attrmulti_by_handle() interface
> is not bounded correctly. The opcount is used to determine the size
> of the buffer required. The size is bounded, but can overflow and so
> the size checks may not be sufficient to catch invalid opcounts.
> Fix it by catching opcount values that would cause overflows before
> calculating the size.
>
> Signed-off-by: Zhitong Wang <zhitong.wangzt at alibaba-inc.com>
Looks good now. I'll queue it up with all the other pending changes
I have.
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the xfs-masters
mailing list