On Thu, 2018-10-04 at 23:57 -0700, Nathan Chancellor wrote: +AD4 Regardless of how the overflow is handled within the switch statement, +AD4 the overflow is also happening when passing in these values to the ioctl, +AD4 right? I mean these case values are defined in the uapi files so that +AD4 userspace can easily pass them in to the ioctl, meaning those values are +AD4 being passed in as a signed integer and I would assume subsequently +AD4 overflowing unless I'm just missing something here. >From the user space header +ADw-sys/ioctl.h+AD4: extern int ioctl (int +AF8AXw-fd, unsigned long int +AF8AXw-request, ...) +AF8AXw-THROW+ADs >From the kernel header +ADw-linux/fs.h+AD4: long (+ACo-unlocked+AF8-ioctl) (struct file +ACo, unsigned int, unsigned long)+ADs long (+ACo-compat+AF8-ioctl) (struct file +ACo, unsigned int, unsigned long)+ADs Why has the second argument been declared as +ACI-unsigned long+ACI in the glibc headers and as +ACI-unsigned int+ACI in the kernel headers? That's not clear to me. Bart.
