Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, "Willy Tarreau" <w@1wt.eu>,
        "Linus Torvalds" <torvalds@linux-foundation.org>,
        "Jiri Kosina" <jkosina@suse.cz>,
        "Randy Dunlap" <rdunlap@infradead.org>,
        "Rasmus Villemoes" <linux@rasmusvillemoes.dk>
Date: Fri, 10 Mar 2017 11:46:23 +0000
Message-ID: <lsq.1489146383.141062309@decadent.org.uk>
Subject: [PATCH 3.16 310/370] lib/vsprintf.c: improve sanity check in
 vsnprintf()
In-Reply-To: <lsq.1489146380.780052105@decadent.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1205
Lines: 35

3.16.42-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Rasmus Villemoes <linux@rasmusvillemoes.dk>

commit 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 upstream.

On 64 bit, size may very well be huge even if bit 31 happens to be 0.
Somehow it doesn't feel right that one can pass a 5 GiB buffer but not a
3 GiB one.  So cap at INT_MAX as was probably the intention all along.
This is also the made-up value passed by sprintf and vsprintf.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Willy Tarreau <w@1wt.eu>
---
 lib/vsprintf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1657,7 +1657,7 @@ int vsnprintf(char *buf, size_t size, co
 
 	/* Reject out-of-range values early.  Large positive sizes are
 	   used for unknown buffer sizes. */
-	if (WARN_ON_ONCE((int) size < 0))
+	if (WARN_ON_ONCE(size > INT_MAX))
 		return 0;
 
 	str = buf;