there is an overflow in the following code : ticks = fdata.timeout.sec * HZ;
while ticks is a signed 64-bit, but the result of fdata.timeout.sec * HZ will be converted be 32-bit first. So ticks will be a wrong value after multiplication overflow. Reported-by: Qixue Xiao <xiaoqixu...@163.com> Suggested-by: Yongjian Xu <xuyongjia...@gmail.com> Suggested-by: Yu Chen <chy...@gmail.com> Signed-off-by: Qixue Xiao <xiaoqixu...@163.com> --- drivers/pps/pps.c | 2 +- gentags.sh | 4 +++ memory_leak.txt | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+), 1 deletion(-) create mode 100755 gentags.sh create mode 100644 memory_leak.txt diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 2f07cd6..44ddd22 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -164,7 +164,7 @@ static long pps_cdev_ioctl(struct file *file, dev_dbg(pps->dev, "timeout %lld.%09d\n", (long long) fdata.timeout.sec, fdata.timeout.nsec); - ticks = fdata.timeout.sec * HZ; + ticks = (s64)(fdata.timeout.sec) * HZ; ticks += fdata.timeout.nsec / (NSEC_PER_SEC / HZ); if (ticks != 0) { -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/