On Mon, 19 Aug 2024 at 19:52, Jann Horn <jannh@xxxxxxxxxx> wrote: > > The existing code uses min_t(ssize_t, outarg.size, XATTR_LIST_MAX) when > parsing the FUSE daemon's response to a zero-length getxattr/listxattr > request. > On 32-bit kernels, where ssize_t and outarg.size are the same size, this is > wrong: The min_t() will pass through any size values that are negative when > interpreted as signed. > fuse_listxattr() will then return this userspace-supplied negative value, > which callers will treat as an error value. > Applied, thanks. Miklos
