diff options
author | Vince Kim <vince.k.kim@gmail.com> | 2017-10-31 11:33:40 -0700 |
---|---|---|
committer | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2017-11-03 12:45:22 -0700 |
commit | a2c714e8cb538406d61e321c627b55ed5362991e (patch) | |
tree | 964e518713b0235dc23948ff6ac2f1ac0c86e063 /lib/string_helpers.c | |
parent | 11772c9c185735e244731e23b1983d5c7ab03c80 (diff) |
Input: cyttsp4 - avoid overflows when calculating memory sizes
There are several places to perform subtraction to calculate buffer
size such as:
si->si_ofs.cydata_size = si->si_ofs.test_ofs - si->si_ofs.cydata_ofs;
...
p = krealloc(si->si_ptrs.cydata, si->si_ofs.cydata_size, GFP_KERNEL);
Actually, data types of above variables during subtraction are size_t, so
it is unsigned. That means if second operand(si->si_ofs.cydata_ofs) is
greater than the first operand(si->si_ofs.test_ofs), then resulting
si->si_ofs.cydata_size could result in an unsigned integer wrap which is
not desirable.
The proper way to correct this problem is to perform a test of both
operands to avoid having unsigned wrap.
Signed-off-by: Vince Kim <vince.k.kim@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Diffstat (limited to 'lib/string_helpers.c')
0 files changed, 0 insertions, 0 deletions