On Sun, Feb 01, 2015 at 09:52:05PM -0500, gr...@linuxhacker.ru wrote:
> From: Dmitry Eremin <dmitry.ere...@intel.com>
> 
> Expression if (size != (ssize_t)size) is always false.
> Therefore no bounds check errors detected.

The original code actually worked as designed.  The integer overflow
could only happen on 32 bit systems and the test only was true for 32
bit systems.

> -     if (size != (ssize_t)size)
> +     if (size > ~((size_t)0)>>1)
>               return -1;
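Review bot: The new condition on the `+` line, `size > ~((size_t)0)>>1`, open-codes the largest positive ssize_t value and only reads correctly if you remember that unary `~` binds tighter than `>>`, so it is harder to follow than the cast comparison it replaces. If the intent is to reject sizes that do not fit in ssize_t, compare against a named limit (SSIZE_MAX, if it is available in this file) or at least add parentheses and a one-line comment naming the bound. The declared type of `size` is not visible in this hunk, so the commit message should state it and say on which word sizes the check can actually fire, since that is what decides whether the old expression was "always false".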

The problem is that the code was unclear.  I think the new code is even
more complicated to look at.

regards,
dan carpenter



_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
