FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team
Reload this Page ACK w/cmnt: eCryptfs: Infinite loop due to overflow in ecryptfs_write()

 
 
LinkBack Thread Tools
 
Old 03-05-2012, 02:00 PM
Stefan Bader
 
Default ACK w/cmnt: eCryptfs: Infinite loop due to overflow in ecryptfs_write()
On 05.03.2012 15:07, Colin King wrote:
> From: Li Wang <liwang@nudt.edu.cn>
>
> ecryptfs_write() can enter an infinite loop when truncating a file to a
> size larger than 4G. This only happens on architectures where size_t is
> represented by 32 bits.
>
> This was caused by a size_t overflow due to it incorrectly being used to
> store the result of a calculation which uses potentially large values of
> type loff_t.
>
> [tyhicks@canonical.com: rewrite subject and commit message]
> Signed-off-by: Li Wang <liwang@nudt.edu.cn>
> Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn>
> Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

> Signed-off-by: Colin ian King <colin.king@canonical.com>
> (cherry picked from commit 684a3ff7e69acc7c678d1a1394fe9e757993fd34)

Maybe better switch around the picked and sob. So picked and then signed off?
Probably should have a bug link in there?

> ---
> fs/ecryptfs/read_write.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
> index 3745f7c..ec3d936 100644
> --- a/fs/ecryptfs/read_write.c
> +++ b/fs/ecryptfs/read_write.c
> @@ -130,13 +130,13 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
> pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
> size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
> size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
> - size_t total_remaining_bytes = ((offset + size) - pos);
> + loff_t total_remaining_bytes = ((offset + size) - pos);
>
> if (num_bytes > total_remaining_bytes)
> num_bytes = total_remaining_bytes;
> if (pos < offset) {
> /* remaining zeros to write, up to destination offset */
> - size_t total_remaining_zeros = (offset - pos);
> + loff_t total_remaining_zeros = (offset - pos);
>
> if (num_bytes > total_remaining_zeros)
> num_bytes = total_remaining_zeros;


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 11:06 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -