On 28.08.2025 10:17, Dmytro Prokopchuk1 wrote:
> Resolve infinite loop issue in the 'fail:' cleanup path of the function
> 'assign_shared_memory()'. The issue was caused by an 'unsigned long' type
> for the loop counter 'i', which could underflow and wrap around, violating
> termination conditions.
> Change 'i' to a signed data type ('long') to ensure safe termination of
> the 'while (--i >= 0)' loop.
If I was a maintainer of this code, I would strongly object to such a change.
A signed type variable used as (effectively) an array index is almost always
conceptually wrong. Plus i continues to be compared to nr_pages, which still
is of an unsigned type.
What imo wants changing instead is the use of the variable:
fail:
while ( i-- > 0 )
put_page_nr(page + i, nr_borrowers);
or yet more simply
fail:
while ( i-- )
put_page_nr(page + i, nr_borrowers);
See e.g. prepare_staticmem_pages() for a similar case.
Jan
