* [patch] USB: usbtest: prevent a divide by zero bug
@ 2012-11-17 15:06 Dan Carpenter
2012-11-17 17:48 ` walter harms
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Dan Carpenter @ 2012-11-17 15:06 UTC (permalink / raw)
To: kernel-janitors
If param->length is zero, then this could lead to a divide by zero bug
later in the function when we do: size %= max;
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
index f10bd97..7667b12 100644
--- a/drivers/usb/misc/usbtest.c
+++ b/drivers/usb/misc/usbtest.c
@@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
unsigned i;
unsigned size = max;
+ if (max = 0)
+ return NULL;
+
sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL);
if (!sg)
return NULL;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
@ 2012-11-17 17:48 ` walter harms
2012-11-17 18:10 ` Dan Carpenter
2012-11-20 17:44 ` Sebastian Andrzej Siewior
2 siblings, 0 replies; 4+ messages in thread
From: walter harms @ 2012-11-17 17:48 UTC (permalink / raw)
To: kernel-janitors
Am 17.11.2012 16:06, schrieb Dan Carpenter:
> If param->length is zero, then this could lead to a divide by zero bug
> later in the function when we do: size %= max;
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> index f10bd97..7667b12 100644
> --- a/drivers/usb/misc/usbtest.c
> +++ b/drivers/usb/misc/usbtest.c
> @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> unsigned i;
> unsigned size = max;
>
> + if (max = 0)
> + return NULL;
> +
maybe you should be more defensive and check from (max <= 0)
re,
wh
> sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL);
> if (!sg)
> return NULL;
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
2012-11-17 17:48 ` walter harms
@ 2012-11-17 18:10 ` Dan Carpenter
2012-11-20 17:44 ` Sebastian Andrzej Siewior
2 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2012-11-17 18:10 UTC (permalink / raw)
To: kernel-janitors
On Sat, Nov 17, 2012 at 06:48:55PM +0100, walter harms wrote:
>
>
> Am 17.11.2012 16:06, schrieb Dan Carpenter:
> > If param->length is zero, then this could lead to a divide by zero bug
> > later in the function when we do: size %= max;
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> > index f10bd97..7667b12 100644
> > --- a/drivers/usb/misc/usbtest.c
> > +++ b/drivers/usb/misc/usbtest.c
> > @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> > unsigned i;
> > unsigned size = max;
> >
> > + if (max = 0)
> > + return NULL;
> > +
>
> maybe you should be more defensive and check from (max <= 0)
>
Nah... Testing for = 0 is ok.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
2012-11-17 17:48 ` walter harms
2012-11-17 18:10 ` Dan Carpenter
@ 2012-11-20 17:44 ` Sebastian Andrzej Siewior
2 siblings, 0 replies; 4+ messages in thread
From: Sebastian Andrzej Siewior @ 2012-11-20 17:44 UTC (permalink / raw)
To: kernel-janitors
On Sat, Nov 17, 2012 at 09:10:56PM +0300, Dan Carpenter wrote:
> On Sat, Nov 17, 2012 at 06:48:55PM +0100, walter harms wrote:
> >
> >
> > Am 17.11.2012 16:06, schrieb Dan Carpenter:
> > > If param->length is zero, then this could lead to a divide by zero bug
> > > later in the function when we do: size %= max;
> > >
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > >
> > > diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> > > index f10bd97..7667b12 100644
> > > --- a/drivers/usb/misc/usbtest.c
> > > +++ b/drivers/usb/misc/usbtest.c
> > > @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> > > unsigned i;
> > > unsigned size = max;
> > >
> > > + if (max = 0)
> > > + return NULL;
> > > +
> >
> > maybe you should be more defensive and check from (max <= 0)
> >
>
> Nah... Testing for = 0 is ok.
The parameter comes from user. -1 is hardly possible because the parameter is
defined as unsigned and only alloc_sglist() parameters are signed. Could you
please convert the int to unsigned so it matches the original source of the
parameter?
Passing -1 from user space leads to
|WARNING: at /home/bigeasy/work/new/TI/linux/mm/page_alloc.c:2403
|__alloc_pages_nodemask+0x24d/0x6d0()
aka ENOMEM so it is not that big of deal.
0 on the hand is more critical.
> regards,
> dan carpenter
Sebastian
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-11-20 17:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
2012-11-17 17:48 ` walter harms
2012-11-17 18:10 ` Dan Carpenter
2012-11-20 17:44 ` Sebastian Andrzej Siewior
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.