Project

General

Profile

Actions

Feature #7339

closed

Restrict values of parameter of write callback of file operations

Added by Evgeny Novikov over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
Environment models
Target version:
-
Start date:
06/23/2016
Due date:
% Done:

0%

Estimated time:
Published in build:
d382669

Description

In 0f6ff65ed8d3 ZERO_SIZE_PTR (returned by kmalloc called with the 0 size) was avoided by early rejecting the 0 value of the cnt parameter that is passed later as a first kmalloc parameter.

If theoretically that parameter can be huge, adding 1 to it can result in overflow and again to call of kmalloc with 0 (CPAchecker with bit precise analysis could detect that). Indeed its values are limited by the kernel in rw_verify_area called by vfs_write (that is called in system call) prior to the write operation of file operations.

That's why we need to restrict values of parameter of write callback of file operations.

Thanks to Pavel, Vadim, Anton and Ilja for understanding this issue.


Related issues 1 (1 open0 closed)

Related to Klever - Bug #7472: EMG may incorrectly match callbacks parameters with several provided labels parametersNewIlja Zakharov08/15/2016

Actions
Actions

Also available in: Atom PDF