[PATCH] mm: shmem: avoid overflowing in shmem_fallocate

From: Sasha Levin
Date: Wed Dec 03 2014 - 19:24:40 EST


"offset + len" has the potential of overflowing. Validate this user input
first to avoid undefined behaviour.

Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
---
mm/shmem.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/mm/shmem.c b/mm/shmem.c
index 185836b..5a0e344 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2098,6 +2098,9 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
}

/* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
+ error = -EOVERFLOW;
+ if ((u64)len + offset < (u64)len)
+ goto out;
error = inode_newsize_ok(inode, offset + len);
if (error)
goto out;
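Review bot: the new test `if ((u64)len + offset < (u64)len)` checks for unsigned wrap-around past 2^64, but the sum passed on the following line, `inode_newsize_ok(inode, offset + len)`, is computed in signed arithmetic (offset is declared loff_t in the hunk header, and the cast on len suggests it is signed as well). For two non-negative signed 64-bit values the u64 sum can never wrap, so this branch would not be taken in the case the commit message describes, and `offset + len` can still exceed the largest positive loff_t. Consider comparing against the signed limit instead, for example `if (len > LLONG_MAX - offset)`, which is safe only if both values are already known to be non-negative; that validation is not visible in this hunk, so a one-line comment stating where it happens would help.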
--
1.7.10.4
