On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
> From: Dmitry Eremin <dmitry.ere...@intel.com>
> 
> Expression if (size != (ssize_t)size) is always false.
> Therefore no bounds check errors detected.

The original code actually worked as designed.  The integer overflow
could only happen on 32 bit systems and the test only was true for 32
bit systems.

> -     if (size != (ssize_t)size)
> +     if (size > ~((size_t)0)>>1)
>               return -1;
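
Review bot: the `+` line open-codes the largest positive ssize_t value as `~((size_t)0)>>1` with no comment, so a reader has to work out the bit pattern and the operator precedence before seeing that this is the same "does size fit in ssize_t" test as the removed line. Compare against a named limit instead (SSIZE_MAX, if it is available to this file), or at least parenthesize the shift and add a one-line comment stating the bound. The declaration of `size` is not visible in this hunk, so also confirm that its type is unsigned and at least as wide as size_t, because the comparison is only meaningful in that case.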

The problem is that the code was unclear.  I think the new code is even
more complicated to look at.

regards,
dan carpenter



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
