2016-06-14 19:07, Sergio Gonzalez Monroy: > It is possible to get an integer overflow if we try to reserve a memzone > with len = 0 (meaning the maximum contiguous space available) and the > maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align). > > Issue reported by Coverity: > > >>> 10. overflow: Subtract operation overflows on operands len and > >>> 64UL. > >>> CID 107111 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW) > >>> 11. overflow_sink: Overflowed or truncated value (or a value > >>> computed from an overflowed or truncated value) > >>> len - 64UL - align used as return value. > 122 return len - MALLOC_ELEM_OVERHEAD - align; > > Fixes: fafcc11985a2 ("mem: rework memzone to be allocated by malloc") > > Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
Applied, thanks