there is an overflow in the following code :
ticks = fdata.timeout.sec * HZ;
while ticks is a signed 64-bit, but the result of fdata.timeout.sec *
HZ will be converted be 32-bit first. So ticks will be a wrong value
after multiplication overflow.
Reported-by: Qixue Xiao <xiaoqixu...@163.com>
Suggested-by: Yongjian Xu <xuyongjia...@gmail.com>
Suggested-by: Yu Chen <chy...@gmail.com>
Signed-off-by: Qixue Xiao <xiaoqixu...@163.com>
---
drivers/pps/pps.c | 2 +-
gentags.sh | 4 +++
memory_leak.txt | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 93 insertions(+), 1 deletion(-)
create mode 100755 gentags.sh
create mode 100644 memory_leak.txt
diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 2f07cd6..44ddd22 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -164,7 +164,7 @@ static long pps_cdev_ioctl(struct file *file,
dev_dbg(pps->dev, "timeout %lld.%09d\n",
(long long) fdata.timeout.sec,
fdata.timeout.nsec);
- ticks = fdata.timeout.sec * HZ;
+ ticks = (s64)(fdata.timeout.sec) * HZ;
ticks += fdata.timeout.nsec / (NSEC_PER_SEC / HZ);
if (ticks != 0) {
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
