All of lore.kernel.org
 help / color / mirror / Atom feed
* [patch] USB: usbtest: prevent a divide by zero bug
@ 2012-11-17 15:06 Dan Carpenter
  2012-11-17 17:48 ` walter harms
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Dan Carpenter @ 2012-11-17 15:06 UTC (permalink / raw)
  To: kernel-janitors

If param->length is zero, then this could lead to a divide by zero bug
later in the function when we do: size %= max;

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
index f10bd97..7667b12 100644
--- a/drivers/usb/misc/usbtest.c
+++ b/drivers/usb/misc/usbtest.c
@@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
 	unsigned		i;
 	unsigned		size = max;
 
+	if (max = 0)
+		return NULL;
+
 	sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL);
 	if (!sg)
 		return NULL;

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
  2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
@ 2012-11-17 17:48 ` walter harms
  2012-11-17 18:10 ` Dan Carpenter
  2012-11-20 17:44 ` Sebastian Andrzej Siewior
  2 siblings, 0 replies; 4+ messages in thread
From: walter harms @ 2012-11-17 17:48 UTC (permalink / raw)
  To: kernel-janitors



Am 17.11.2012 16:06, schrieb Dan Carpenter:
> If param->length is zero, then this could lead to a divide by zero bug
> later in the function when we do: size %= max;
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> index f10bd97..7667b12 100644
> --- a/drivers/usb/misc/usbtest.c
> +++ b/drivers/usb/misc/usbtest.c
> @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
>  	unsigned		i;
>  	unsigned		size = max;
>  
> +	if (max = 0)
> +		return NULL;
> +

  maybe you should be more defensive and check from (max <= 0)

re,
 wh	



>  	sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL);
>  	if (!sg)
>  		return NULL;
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
  2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
  2012-11-17 17:48 ` walter harms
@ 2012-11-17 18:10 ` Dan Carpenter
  2012-11-20 17:44 ` Sebastian Andrzej Siewior
  2 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2012-11-17 18:10 UTC (permalink / raw)
  To: kernel-janitors

On Sat, Nov 17, 2012 at 06:48:55PM +0100, walter harms wrote:
> 
> 
> Am 17.11.2012 16:06, schrieb Dan Carpenter:
> > If param->length is zero, then this could lead to a divide by zero bug
> > later in the function when we do: size %= max;
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> > index f10bd97..7667b12 100644
> > --- a/drivers/usb/misc/usbtest.c
> > +++ b/drivers/usb/misc/usbtest.c
> > @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> >  	unsigned		i;
> >  	unsigned		size = max;
> >  
> > +	if (max = 0)
> > +		return NULL;
> > +
> 
>   maybe you should be more defensive and check from (max <= 0)
> 

Nah...  Testing for = 0 is ok.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [patch] USB: usbtest: prevent a divide by zero bug
  2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
  2012-11-17 17:48 ` walter harms
  2012-11-17 18:10 ` Dan Carpenter
@ 2012-11-20 17:44 ` Sebastian Andrzej Siewior
  2 siblings, 0 replies; 4+ messages in thread
From: Sebastian Andrzej Siewior @ 2012-11-20 17:44 UTC (permalink / raw)
  To: kernel-janitors

On Sat, Nov 17, 2012 at 09:10:56PM +0300, Dan Carpenter wrote:
> On Sat, Nov 17, 2012 at 06:48:55PM +0100, walter harms wrote:
> > 
> > 
> > Am 17.11.2012 16:06, schrieb Dan Carpenter:
> > > If param->length is zero, then this could lead to a divide by zero bug
> > > later in the function when we do: size %= max;
> > > 
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > 
> > > diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> > > index f10bd97..7667b12 100644
> > > --- a/drivers/usb/misc/usbtest.c
> > > +++ b/drivers/usb/misc/usbtest.c
> > > @@ -423,6 +423,9 @@ alloc_sglist(int nents, int max, int vary)
> > >  	unsigned		i;
> > >  	unsigned		size = max;
> > >  
> > > +	if (max = 0)
> > > +		return NULL;
> > > +
> > 
> >   maybe you should be more defensive and check from (max <= 0)
> > 
> 
> Nah...  Testing for = 0 is ok.

The parameter comes from user. -1 is hardly possible because the parameter is
defined as unsigned and only alloc_sglist() parameters are signed. Could you
please convert the int to unsigned so it matches the original source of the
parameter?

Passing -1 from user space leads to 

|WARNING: at /home/bigeasy/work/new/TI/linux/mm/page_alloc.c:2403
|__alloc_pages_nodemask+0x24d/0x6d0()

aka ENOMEM so it is not that big of deal.

0 on the hand is more critical.

> regards,
> dan carpenter

Sebastian

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-11-20 17:44 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-17 15:06 [patch] USB: usbtest: prevent a divide by zero bug Dan Carpenter
2012-11-17 17:48 ` walter harms
2012-11-17 18:10 ` Dan Carpenter
2012-11-20 17:44 ` Sebastian Andrzej Siewior

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.