tty: an overflow of multiplication in drivers/tty/cyclades.c

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

there is an overflow in the code :
cyz_polling_cycle = (arg * HZ) / 1000,
the multiplicator arg comes from user, so it may be an overflow if
arg is a big number. And the value of cyc_polling_cycle will be
wrong when it is used next time.

Reported-by: Qixue Xiao <xiaoqixue_1@163.com>
Suggested-by: Yongjian Xu <xuyongjiande@gmail.com>
Suggested-by: Yu Chen <chyyuu@gmail.com>
Signed-off-by: Qixue Xiao <xiaoqixue_1@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Qixue Xiao and committed by

Greg Kroah-Hartman 12 years ago 351d6204 4903713c

1 changed file

expand all

drivers

tty

cyclades.c

drivers/tty/cyclades.c

··· 2709 2709 break; 2710 2710 #ifndef CONFIG_CYZ_INTR 2711 2711 case CYZSETPOLLCYCLE: 2712 + if (arg > LONG_MAX / HZ) 2713 + return -ENODEV; 2712 2714 cyz_polling_cycle = (arg * HZ) / 1000; 2713 2715 break; 2714 2716 case CYZGETPOLLCYCLE: