From: "H. Peter Anvin" <hpa@zytor.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: David Herrmann <dh.herrmann@gmail.com>,
Tom Gundersen <teg@jklm.no>,
the arch/x86 maintainers <x86@kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] x86: simplefb: avoid overflow
Date: Fri, 06 Sep 2013 04:08:43 -0700 [thread overview]
Message-ID: <5229B7BB.5020804@zytor.com> (raw)
In-Reply-To: <CAMuHMdUEjLSRoSHdQUACupxiJ_GxMXSzk-KsMA5ep55sxNT3kw@mail.gmail.com>
On 09/06/2013 03:59 AM, Geert Uytterhoeven wrote:
> On Fri, Sep 6, 2013 at 11:55 AM, David Herrmann <dh.herrmann@gmail.com> wrote:
>> On Fri, Sep 6, 2013 at 11:32 AM, Tom Gundersen <teg@jklm.no> wrote:
>>> lfb_size can easily be say 4M, which would make the bitshit overflow and
>>> the test fail.
>>>
>>> Signed-off-by: Tom Gundersen <teg@jklm.no>
>>> Cc: David Herrmann <dh.herrmann@gmail.com>
>>> Cc: H. Peter Anvin <hpa@zytor.com>
>>> ---
>>> arch/x86/kernel/sysfb_simplefb.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/kernel/sysfb_simplefb.c b/arch/x86/kernel/sysfb_simplefb.c
>>> index 22513e9..fff44a5 100644
>>> --- a/arch/x86/kernel/sysfb_simplefb.c
>>> +++ b/arch/x86/kernel/sysfb_simplefb.c
>>> @@ -72,7 +72,7 @@ __init int create_simplefb(const struct screen_info *si,
>>> * the part that is occupied by the framebuffer */
>>> len = mode->height * mode->stride;
>>> len = PAGE_ALIGN(len);
>>> - if (len > si->lfb_size << 16) {
>>> + if (len > ((unsigned long) si->lfb_size) << 16) {
>
> On 32-bit, "unsigned long" is the same size as __u32, so this doesn't
> make any difference.
>
>> Nice catch. vesafb uses "lfb_size * 65535" which causes an implicit
>> cast. I thought <<16 looks nicer but that doesn't do any implicit
>> cast..
>
> "lfb_size * 65535" is the same. "lfb_size" is __u32, "65535" is int.
> So there's no implicit cast. Or am I missing something?
>
<< 16 is * 65536 not 65535...
-hpa
next prev parent reply other threads:[~2013-09-06 11:09 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-06 9:32 [PATCH] x86: simplefb: avoid overflow Tom Gundersen
2013-09-06 9:55 ` David Herrmann
2013-09-06 10:59 ` Geert Uytterhoeven
2013-09-06 11:08 ` H. Peter Anvin [this message]
2013-09-06 11:15 ` Geert Uytterhoeven
2013-09-06 11:24 ` David Herrmann
2013-09-06 11:57 ` Tom Gundersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5229B7BB.5020804@zytor.com \
--to=hpa@zytor.com \
--cc=dh.herrmann@gmail.com \
--cc=geert@linux-m68k.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=teg@jklm.no \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.