projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 51e97a1)
cls_u32: signedness bug
authorDan Carpenter <error27@gmail.com>
Mon, 4 Oct 2010 02:28:36 +0000 (02:28 +0000)
committerDavid S. Miller <davem@davemloft.net>
Tue, 5 Oct 2010 07:40:39 +0000 (00:40 -0700)
skb_headroom() is unsigned so "skb_headroom(skb) + toff" is also
unsigned and can't be less than zero.  This test was added in 66d50d25:
"u32: negative offset fix"  It was supposed to fix a regression.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/cls_u32.c patch | blob | blame | history

diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 7416a5c73b2a993550991ac66eca7cc254c6f2e6..b0c2a82178afa032ce1d09b0e9f400afb2b578f5 100644 (file)
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -137,7 +137,7 @@ next_knode:
                        int toff = off + key->off + (off2 & key->offmask);
                        __be32 *data, _data;
 
-                       if (skb_headroom(skb) + toff < 0)
+                       if (skb_headroom(skb) + toff > INT_MAX)
                                goto out;
 
                        data = skb_header_pointer(skb, toff, 4, &_data);