hi all,
fs/cifs/inode.c:cifs_set_file_size can truncate iattr.ia_size from loff_t
(long long) to unsigned int here:
io_parms.length = attrs->ia_size;
and i'm wondering if this is intentional. based on a quick read of the code,
it seems that ia_size can at this point have a value over 4G (e.g., via a
call to truncate) and the ->set_file_size callback will transmit the full
64 bit value however in case of specific failures a (fallback?) call to
CIFSSMBWrite would be made with the truncated size.
FTR, this issue was detected with the upcoming version of the size overflow
plugin we have in PaX/grsecurity and there're a handful of similar cases in
the tree where potentially unwanted or unnecessary integer truncations occur,
this being one of these. any opinion/help is welcome!
cheers,
PaX Team
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
