"len" is an int. We verified that len was postive already. Since
PAGE_SIZE is specified as an unsigned long, the type it promoted to
unsigned and the condition is never true.
I'm not sure this check is actually needed. It might be that we could
just remove it?
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/net/rds/info.c b/net/rds/info.c
index 9a6b4f6..4d62618 100644
--- a/net/rds/info.c
+++ b/net/rds/info.c
@@ -176,7 +176,7 @@ int rds_info_getsockopt(struct socket *sock, int optname, char __user *optval,
/* check for all kinds of wrapping and the like */
start = (unsigned long)optval;
- if (len < 0 || len + PAGE_SIZE - 1 < len || start + len < start) {
+ if (len < 0 || len > INT_MAX - (PAGE_SIZE - 1) || start + len < start) {
ret = -EINVAL;
goto out;
}
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
