forked from Minki/linux
usercopy: avoid potentially undefined behavior in pointer math
check_bogus_address() checked for pointer overflow using this expression, where 'ptr' has type 'const void *': ptr + n < ptr Since pointer wraparound is undefined behavior, gcc at -O2 by default treats it like the following, which would not behave as intended: (long)n < 0 Fortunately, this doesn't currently happen for kernel code because kernel code is compiled with -fno-strict-overflow. But the expression should be fixed anyway to use well-defined integer arithmetic, since it could be treated differently by different compilers in the future or could be reported by tools checking for undefined behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
ef0e1ea885
commit
7329a65587
@ -124,7 +124,7 @@ static inline const char *check_kernel_text_object(const void *ptr,
|
||||
static inline const char *check_bogus_address(const void *ptr, unsigned long n)
|
||||
{
|
||||
/* Reject if object wraps past end of memory. */
|
||||
if (ptr + n < ptr)
|
||||
if ((unsigned long)ptr + n < (unsigned long)ptr)
|
||||
return "<wrapped address>";
|
||||
|
||||
/* Reject if NULL or ZERO-allocation. */
|
||||
|
Loading…
Reference in New Issue
Block a user