On 2017-04-02 09:36, Konstantin Belousov wrote:
> On Sun, Apr 02, 2017 at 07:46:13AM +0000, Dmitry Chagin wrote:
>> Author: dchagin
>> Date: Sun Apr  2 07:46:13 2017
>> New Revision: 316393
>> URL: https://svnweb.freebsd.org/changeset/base/316393
>>
>> Log:
>>   As noted by bde@ negative tv_sec values are not checked for overflow,
>>   so overflow can still occur. Fix that. Also remove the extra check for
>>   tv_sec size as under COMPAT_LINUX32 it is always true.
>>   
>>   Pointed out by:    bde@
>>   
>>   MFC after: 1 week
>>
>> Modified:
>>   head/sys/compat/linux/linux_time.c
>>
>> Modified: head/sys/compat/linux/linux_time.c
>> ==============================================================================
>> --- head/sys/compat/linux/linux_time.c       Sun Apr  2 07:11:15 2017        
>> (r316392)
>> +++ head/sys/compat/linux/linux_time.c       Sun Apr  2 07:46:13 2017        
>> (r316393)
>> @@ -125,8 +125,7 @@ native_to_linux_timespec(struct l_timesp
>>  
>>      LIN_SDT_PROBE2(time, native_to_linux_timespec, entry, ltp, ntp);
>>  #ifdef COMPAT_LINUX32
>> -    if (ntp->tv_sec > INT_MAX &&
>> -        sizeof(ltp->tv_sec) != sizeof(ntp->tv_sec))
>> +    if (ntp->tv_sec > INT_MAX || ntp->tv_sec < INT_MIN)
> This line reads as only tv_sec == INT_MAX case results in non-EOVERFLOW
> condition.
> 
>>              return (EOVERFLOW);
>>  #endif
>>      ltp->tv_sec = ntp->tv_sec;
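
Review bot: The new condition `if (ntp->tv_sec > INT_MAX || ntp->tv_sec < INT_MIN)` is correct as a range check before the narrowing assignment `ltp->tv_sec = ntp->tv_sec`, but it is easy to misread, since both sides of the `||` look alike at a glance. Writing the lower bound first (`ntp->tv_sec < INT_MIN || ntp->tv_sec > INT_MAX`) and adding a one-line comment that the 32-bit Linux tv_sec cannot hold the native value would make the intent obvious. With the `sizeof(ltp->tv_sec) != sizeof(ntp->tv_sec)` test removed, the assumption that the Linux field is int-sized under COMPAT_LINUX32 is now implicit in the use of INT_MAX and INT_MIN; a compile-time assertion on `sizeof(ltp->tv_sec)` next to the check would keep that assumption documented and enforced.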
> 

It is possible kib@ did what I did, which was read both sides of the or
as comparing against INT_MAX at first glance, rather than the 2nd one
being INT_MIN.

-- 
Allan Jude