* [PATCH] Fix sign checks in copy_from_read_buf() in 2.4
From: Horms @ 2005-03-23 7:49 UTC
To: linux-kernel; +Cc: Marcelo Tosatti
Apologies if this is already pending, but the signedness fix for
copy_from_read_buf() in 2.6 seems to be needed for 2.4 as well.
This relates to the bugs reported in this document
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
--
Horms
Backport of copy_from_read_buf() signedness fix from 2.6
Signed-off-by: Simon Horman <horms@verge.net.au>
===== drivers/char/n_tty.c 1.7 vs edited =====
--- 1.7/drivers/char/n_tty.c 2004-12-16 22:57:23 +09:00
+++ edited/drivers/char/n_tty.c 2005-03-23 13:08:37 +09:00
@@ -1095,7 +1095,7 @@
{
int retval;
- ssize_t n;
+ size_t n;
unsigned long flags;
retval = 0;
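Review bot: The use of n is not visible in this hunk: only the declaration changes from ssize_t to size_t, and the comparison that the subject line calls a sign check falls outside the context shown. Please quote or describe in the changelog the expression in copy_from_read_buf() that this affects in 2.4, and confirm that nothing later in the function tests n for a negative value, since such a test can never be true once n is unsigned. The changelog also says only "from 2.6"; identifying the 2.6 change being backported would let a reviewer compare the two.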
* Re: [PATCH] Fix sign checks in copy_from_read_buf() in 2.4
From: Marcelo Tosatti @ 2005-03-23 8:49 UTC
To: Horms; +Cc: linux-kernel
Hi Horms,
On Wed, Mar 23, 2005 at 04:49:35PM +0900, Horms wrote:
> Apologies if this is already pending, but the signedness fix for
> copy_from_read_buf() in 2.6 seems to be needed for 2.4 as well.
>
> This relates to the bugs reported in this document
> http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
v2.4 does not suffer from the issue mentioned by Guninski because
the first argument of the arithmetic comparison is not cast
to a "signed" value:
n = min((ssize_t)*nr, n);
That was the problem in v2.6, where an unsigned value bigger than 2^31
would be treated as a negative signed.
Thanks anyway for pinging me, highly appreciated.
> --
> Horms
>
> Backport of copy_from_read_buf() signedness fix from 2.6
>
> Signed-off-by: Simon Horman <horms@verge.net.au>
>
> ===== drivers/char/n_tty.c 1.7 vs edited =====
> --- 1.7/drivers/char/n_tty.c 2004-12-16 22:57:23 +09:00
> +++ edited/drivers/char/n_tty.c 2005-03-23 13:08:37 +09:00
> @@ -1095,7 +1095,7 @@
>
> {
> int retval;
> - ssize_t n;
> + size_t n;
> unsigned long flags;
>
> retval = 0;
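The signedness point made in the reply above, as an added example that is not part of the original thread or of the kernel source: a user-space C model in which fixed-width types stand in for a 32-bit size_t and ssize_t. The function names, the type aliases and the 4096-byte buffer size are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fixed-width stand-ins so the result is the same on any host (assumption:
 * they model size_t / ssize_t on a 32-bit kernel). */
typedef uint32_t u_size;
typedef int32_t  s_size;

/* Pattern quoted in the reply: the requested length is cast to a signed
 * type before min(). A request above 2^31 - 1 becomes negative (two's
 * complement conversion, as on gcc/clang) and wins the comparison. */
static s_size clamp_signed(u_size nr, s_size avail)
{
    s_size req = (s_size)nr;
    return req < avail ? req : avail;
}

/* Both operands unsigned: the request can only be clamped down to avail. */
static u_size clamp_unsigned(u_size nr, u_size avail)
{
    return nr < avail ? nr : avail;
}

/* The length a copy routine with an unsigned size parameter would receive. */
static u_size as_copy_len(s_size n)
{
    return (u_size)n;
}

int main(void)
{
    const u_size avail = 4096; /* constructed: bytes held in the buffer */
    const u_size reqs[] = { 16u, 4096u, 0x7fffffffu, 0x80000000u, 0xffffffffu };

    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
        s_size s = clamp_signed(reqs[i], (s_size)avail);
        u_size u = clamp_unsigned(reqs[i], avail);
        printf("request=%10lu  signed min=%11ld (copy len %10lu)  unsigned min=%lu\n",
               (unsigned long)reqs[i], (long)s,
               (unsigned long)as_copy_len(s), (unsigned long)u);
    }
    return 0;
}
```

With the signed cast, the two largest requests produce a negative n that turns into a length far larger than the 4096 bytes available; the unsigned comparison clamps every request to at most 4096.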