On Wed, 18 Dec 2013 15:36:11 +0800 xqx12 <s2e...@gmail.com> wrote:
> there is an overflow in the following code :
>
> ticks = fdata.timeout.sec * HZ;
>
> while ticks is a signed 64-bit, but the result of fdata.timeout.sec *
> HZ will be converted be 32-bit first. So ticks will be a wrong value
> after multiplication overflow.
When fixing a bug, please always include a full description of the
user-visible effects of that bug. This helps others decide which
kernel version(s) should be fixed.
> ...
>
> --- a/drivers/pps/pps.c
> +++ b/drivers/pps/pps.c
> @@ -164,7 +164,7 @@ static long pps_cdev_ioctl(struct file *file,
> dev_dbg(pps->dev, "timeout %lld.%09d\n",
> (long long) fdata.timeout.sec,
> fdata.timeout.nsec);
> - ticks = fdata.timeout.sec * HZ;
> + ticks = (s64)(fdata.timeout.sec) * HZ;
> ticks += fdata.timeout.nsec / (NSEC_PER_SEC / HZ);
>
> if (ticks != 0) {
pps_fdata.timeout.sec has type __s64, so the patch should be a no-op?
Did you really observe a runtime problem from this? If so, I suspect
your compiler is busted.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
