On Feb 2, 2015, at 3:51 PM, Greg Kroah-Hartman wrote:
> On Mon, Feb 02, 2015 at 03:25:58PM -0500, Oleg Drokin wrote:
>>> What is this code supposed to be protecting from? And -1? That should
>>> never be a return value…
>>
>> Why is -1 a bad return value if all callsites check for that as an
>>
On Mon, Feb 02, 2015 at 03:25:58PM -0500, Oleg Drokin wrote:
> Hello!
>
> On Feb 2, 2015, at 10:44 AM, Greg Kroah-Hartman wrote:
>
> > On Mon, Feb 02, 2015 at 04:02:31PM +0300, Dan Carpenter wrote:
> >> On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
> >>> From: Dmitry Eremi
Hello!
On Feb 2, 2015, at 10:44 AM, Greg Kroah-Hartman wrote:
> On Mon, Feb 02, 2015 at 04:02:31PM +0300, Dan Carpenter wrote:
>> On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
>>> From: Dmitry Eremin
>>>
>>> Expression if (size != (ssize_t)size) is always false.
>>> Ther
On Mon, Feb 02, 2015 at 04:02:31PM +0300, Dan Carpenter wrote:
> On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
> > From: Dmitry Eremin
> >
> > Expression if (size != (ssize_t)size) is always false.
> > Therefore no bounds check errors detected.
>
> The original code actua
On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
> From: Dmitry Eremin
>
> Expression if (size != (ssize_t)size) is always false.
> Therefore no bounds check errors detected.
The original code actually worked as designed. The integer overflow
could only happen on 32 bit sys