From af7c693f146069a1f44739acef9abf1bc27f7247 Mon Sep 17 00:00:00 2001 From: Guy Streeter Date: Tue, 8 May 2007 00:25:12 -0700 Subject: [PATCH] Cap shmmax at INT_MAX in compat shminfo The value of shmmax may be larger than will fit in the struct used by the 32bit compat version of sys_shmctl. This change mirrors what the normal sys_shmctl does when called with the old IPC_INFO command. Signed-off-by: Guy Streeter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/compat.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipc/compat.c b/ipc/compat.c index fa18141539fb..8b44aa9a7c95 100644 --- a/ipc/compat.c +++ b/ipc/compat.c @@ -542,6 +542,8 @@ static inline int put_compat_shminfo64(struct shminfo64 *smi, if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64))) return -EFAULT; + if (smi->shmmax > INT_MAX) + smi->shmmax = INT_MAX; err = __put_user(smi->shmmax, &up64->shmmax); err |= __put_user(smi->shmmin, &up64->shmmin); err |= __put_user(smi->shmmni, &up64->shmmni); @@ -557,6 +559,8 @@ static inline int put_compat_shminfo(struct shminfo64 *smi, if (!access_ok(VERIFY_WRITE, up, sizeof(*up))) return -EFAULT; + if (smi->shmmax > INT_MAX) + smi->shmmax = INT_MAX; err = __put_user(smi->shmmax, &up->shmmax); err |= __put_user(smi->shmmin, &up->shmmin); err |= __put_user(smi->shmmni, &up->shmmni); -- 2.20.1