diff options
author | Rasmus Villemoes <linux@rasmusvillemoes.dk> | 2015-11-07 01:30:23 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-11-07 02:50:42 +0100 |
commit | 762abb515415a5a4a37423f4f4ff5770d5a14bac (patch) | |
tree | c684c91824f7ba4af32be07ee61bc3ff611eb71a /lib/vsprintf.c | |
parent | lib/vsprintf.c: handle invalid format specifiers more robustly (diff) | |
download | linux-762abb515415a5a4a37423f4f4ff5770d5a14bac.tar.xz linux-762abb515415a5a4a37423f4f4ff5770d5a14bac.zip |
lib/vsprintf.c: also improve sanity check in bstr_printf()
Quoting from 2aa2f9e21e4e ("lib/vsprintf.c: improve sanity check in
vsnprintf()"):
On 64 bit, size may very well be huge even if bit 31 happens to be 0.
Somehow it doesn't feel right that one can pass a 5 GiB buffer but not a
3 GiB one. So cap at INT_MAX as was probably the intention all along.
This is also the made-up value passed by sprintf and vsprintf.
I should have seen this copy-pasted instance back then, but let's just
do it now.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Martin Kletzander <mkletzan@redhat.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'lib/vsprintf.c')
-rw-r--r-- | lib/vsprintf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index e35724c2b2a8..a513469e9399 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2270,7 +2270,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) char *str, *end; const char *args = (const char *)bin_buf; - if (WARN_ON_ONCE((int) size < 0)) + if (WARN_ON_ONCE(size > INT_MAX)) return 0; str = buf; |