On Sun, Feb 01, 2015 at 09:52:05PM -0500, green@xxxxxxxxxxxxxx wrote:
> From: Dmitry Eremin <dmitry.eremin@xxxxxxxxx>
>
> Expression if (size != (ssize_t)size) is always false.
> Therefore no bounds check errors detected.

The original code actually worked as designed. The integer overflow could only happen on 32 bit systems and the test only was true for 32 bit systems.

> - if (size != (ssize_t)size)
> + if (size > ~((size_t)0)>>1)
> return -1;

The problem is that the code was unclear. I think the new code is even more complicated to look at.

regards,
dan carpenter
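Review bot: the added condition `size > ~((size_t)0)>>1` spells the upper bound as an unnamed bit expression, and reading it correctly depends on `~` binding tighter than `>>`. A named limit (SSIZE_MAX, if this tree provides one), or at minimum explicit parentheses plus a one-line comment saying the check rejects sizes that do not fit in a signed type the width of size_t, would make the intent reviewable at a glance. The declared type of `size` is not visible in this hunk, and whether the removed comparison `size != (ssize_t)size` can ever be true depends on that type and on the word size, so the commit message should state both rather than call the expression always false.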