From: Jan Kara <jack@suse.cz>
To: Dan Carpenter <error27@gmail.com>
Cc: Jan Kara <jack@suse.cz>, Pekka Enberg <penberg@cs.helsinki.fi>,
Hannes Eder <hannes@hanneseder.net>,
Akinobu Mita <akinobu.mita@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] udf: potential integer overflow
Date: Mon, 15 Mar 2010 12:08:32 +0000 [thread overview]
Message-ID: <20100315120832.GA4151@quack.suse.cz> (raw)
In-Reply-To: <20100315082113.GC18181@bicker>
On Mon 15-03-10 11:21:13, Dan Carpenter wrote:
> bloc->logicalBlockNum is unsigned so it's never less than zero.
>
> When I saw that, it made me worry that "bloc->logicalBlockNum + count"
> could overflow. That's why I changed the check for less than zero
> to an overflow check. (The test works because "count" is also
> unsigned.)
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
Thanks. Merged.
> ---
> GCC 4.1 apparently optimizes overflow checks like this away, but it should
> work for other versions of gcc. I tested with GCC 4.3.
> http://www.fefe.de/intof.html
It should only optimize them out for signed types (moreover kernel has
this optimization turned off so it's a non-issue for us anyway).
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
WARNING: multiple messages have this Message-ID (diff)
From: Jan Kara <jack@suse.cz>
To: Dan Carpenter <error27@gmail.com>
Cc: Jan Kara <jack@suse.cz>, Pekka Enberg <penberg@cs.helsinki.fi>,
Hannes Eder <hannes@hanneseder.net>,
Akinobu Mita <akinobu.mita@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] udf: potential integer overflow
Date: Mon, 15 Mar 2010 13:08:32 +0100 [thread overview]
Message-ID: <20100315120832.GA4151@quack.suse.cz> (raw)
In-Reply-To: <20100315082113.GC18181@bicker>
On Mon 15-03-10 11:21:13, Dan Carpenter wrote:
> bloc->logicalBlockNum is unsigned so it's never less than zero.
>
> When I saw that, it made me worry that "bloc->logicalBlockNum + count"
> could overflow. That's why I changed the check for less than zero
> to an overflow check. (The test works because "count" is also
> unsigned.)
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
Thanks. Merged.
> ---
> GCC 4.1 apparently optimizes overflow checks like this away, but it should
> work for other versions of gcc. I tested with GCC 4.3.
> http://www.fefe.de/intof.html
It should only optimize them out for signed types (moreover kernel has
this optimization turned off so it's a non-issue for us anyway).
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2010-03-15 12:08 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-15 8:21 [patch] udf: potential integer overflow Dan Carpenter
2010-03-15 8:21 ` Dan Carpenter
2010-03-15 12:08 ` Jan Kara [this message]
2010-03-15 12:08 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100315120832.GA4151@quack.suse.cz \
--to=jack@suse.cz \
--cc=akinobu.mita@gmail.com \
--cc=error27@gmail.com \
--cc=hannes@hanneseder.net \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.