On Fri, 2 Aug 2024 at 04:08, Richard Weinberger wrote:
>
> req is of type size_t, casting it to long opens the door
> for an integer overflow.
> Values between LONG_MAX - (SIZE_SZ + MALLOC_ALIGN_MASK) - 1 and LONG_MAX
> cause and overflow such that request2size() returns MINSIZE.
>
> Fix by removi
req is of type size_t, casting it to long opens the door
for an integer overflow.
Values between LONG_MAX - (SIZE_SZ + MALLOC_ALIGN_MASK) - 1 and LONG_MAX
cause and overflow such that request2size() returns MINSIZE.
Fix by removing the cast.
The origin of the cast is unclear, it's in u-boot and pp
2 matches
Mail list logo
