[PATCH 2/2] kasan: Fix a type conversion error

Wang Long Tue, 08 Sep 2015 21:01:18 -0700

The current KASAN code can find the following out-of-bounds
bugs:
        char *ptr;
        ptr = kmalloc(8, GFP_KERNEL);
        memset(ptr+7, 0, 2);


the cause of the problem is the type conversion error in
*memory_is_poisoned_n* function. So this patch fix that.

Signed-off-by: Wang Long <long.wangl...@huawei.com>
---
 mm/kasan/kasan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 7b28e9c..5d65d06 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -204,7 +204,7 @@ static __always_inline bool memory_is_poisoned_n(unsigned 
long addr,
                s8 *last_shadow = (s8 *)kasan_mem_to_shadow((void *)last_byte);
 
                if (unlikely(ret != (unsigned long)last_shadow ||
-                       ((last_byte & KASAN_SHADOW_MASK) >= *last_shadow)))
+                       ((long)(last_byte & KASAN_SHADOW_MASK) >= 
*last_shadow)))
                        return true;
        }
        return false;
-- 
1.8.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 2/2] kasan: Fix a type conversion error

Reply via email to