svn commit: r316393 - head/sys/compat/linux
Allan Jude
allanjude at freebsd.org
Sun Apr 2 17:59:21 UTC 2017
On 2017-04-02 09:36, Konstantin Belousov wrote:
> On Sun, Apr 02, 2017 at 07:46:13AM +0000, Dmitry Chagin wrote:
>> Author: dchagin
>> Date: Sun Apr 2 07:46:13 2017
>> New Revision: 316393
>> URL: https://svnweb.freebsd.org/changeset/base/316393
>>
>> Log:
>> As noted by bde@ negative tv_sec values are not checked for overflow,
>> so overflow can still occur. Fix that. Also remove the extra check for
>> tv_sec size as under COMPAT_LINUX32 it is always true.
>>
>> Pointed out by: bde@
>>
>> MFC after: 1 week
>>
>> Modified:
>> head/sys/compat/linux/linux_time.c
>>
>> Modified: head/sys/compat/linux/linux_time.c
>> ==============================================================================
>> --- head/sys/compat/linux/linux_time.c Sun Apr 2 07:11:15 2017 (r316392)
>> +++ head/sys/compat/linux/linux_time.c Sun Apr 2 07:46:13 2017 (r316393)
>> @@ -125,8 +125,7 @@ native_to_linux_timespec(struct l_timesp
>>
>> LIN_SDT_PROBE2(time, native_to_linux_timespec, entry, ltp, ntp);
>> #ifdef COMPAT_LINUX32
>> - if (ntp->tv_sec > INT_MAX &&
>> - sizeof(ltp->tv_sec) != sizeof(ntp->tv_sec))
>> + if (ntp->tv_sec > INT_MAX || ntp->tv_sec < INT_MIN)
> This line reads as only tv_sec == INT_MAX case results in non-EOVERFLOW
> condition.
>
>> return (EOVERFLOW);
>> #endif
>> ltp->tv_sec = ntp->tv_sec;
>
It is possible kib@ did what I did, which was read both sides of the or
as comparing against INT_MAX at first glance, rather than the 2nd one
being INT_MIN.
--
Allan Jude
More information about the svn-src-all
mailing list