Re: [PATCH] Fix sign checks in copy_from_read_buf() in 2.4
From: Marcelo Tosatti
Date: Wed Mar 23 2005 - 10:22:55 EST
Hi Horms,
On Wed, Mar 23, 2005 at 04:49:35PM +0900, Horms wrote:
> Applologies if this is already pending, but the signdness fix for
> copy_from_read_buf() in 2.6 seems to be needed for 2.4 as well.
>
> This relates to the bugs reported in this document
> http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
v2.4 does not suffer from the issue mentioned by Guninski because
the first argument of the arithmetic comparison is not casted
to a "signed" value:
n = min((ssize_t)*nr, n);
That was the problem in v2.6, where an unsigned value bigger than 2^31
would be treated as a negative signed.
Thanks anyway for pinging me, highly appreciated.
> --
> Horms
>
> Backport of copy_from_read_buf() signedness fix from 2.6
>
> Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
>
> ===== drivers/char/n_tty.c 1.7 vs edited =====
> --- 1.7/drivers/char/n_tty.c 2004-12-16 22:57:23 +09:00
> +++ edited/drivers/char/n_tty.c 2005-03-23 13:08:37 +09:00
> @@ -1095,7 +1095,7 @@
>
> {
> int retval;
> - ssize_t n;
> + size_t n;
> unsigned long flags;
>
> retval = 0;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/