From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Ray Lee" Subject: Re: Signed divides vs shifts (Re: [Security] /dev/urandom uses uninit bytes, leaks user data) Date: Mon, 17 Dec 2007 10:12:47 -0800 Message-ID: <2c0942db0712171012o613b2596x81f4a867e2b5c01@mail.gmail.com> References: <20071217185557.0b501e23.dada1@cosmosbay.com> <2c0942db0712171005w65bbb512p71a4f9b1fc65c6a7@mail.gmail.com> <20071217191017.117c61ff.dada1@cosmosbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Return-path: Received: from nf-out-0910.google.com ([64.233.182.190]:47059 "EHLO nf-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753340AbXLQSMv (ORCPT ); Mon, 17 Dec 2007 13:12:51 -0500 Received: by nf-out-0910.google.com with SMTP id g13so1231289nfb.21 for ; Mon, 17 Dec 2007 10:12:49 -0800 (PST) In-Reply-To: <20071217191017.117c61ff.dada1@cosmosbay.com> Content-Disposition: inline Sender: linux-sparse-owner@vger.kernel.org List-Id: linux-sparse@vger.kernel.org To: Eric Dumazet Cc: Linus Torvalds , Herbert Xu , John Reiser , Andrew Morton , security@kernel.org, tytso@mit.edu, Linux Kernel Mailing List , mpm@selenic.com, linux-sparse@vger.kernel.org On Dec 17, 2007 10:10 AM, Eric Dumazet wrote: > On Mon, 17 Dec 2007 10:05:35 -0800 > "Ray Lee" wrote: > > > On Dec 17, 2007 9:55 AM, Eric Dumazet wrote: > > > - mid = (last - first) / 2 + first; > > > + while (low <= high) { > > > + mid = (low + high) / 2; > > > > I think you just introduced a bug. Think about what happens if > > low=high=MAX_LONG/2 + 1. > > > > Fortunatly this is not possible :) > > Hint : sizeof(struct exception_table_entry) is >= 8 > > so high is garanteed to be <= MAX_LONG/8 Ah, my bad. One of these days I'll learn to not post before coffee.