[lvc-project] [PATCH] drivers: net: bsd_comp: fix integer overflow in bsd_decompress()
Roman Smirnov
r.smirnov at omp.ru
Mon Aug 12 11:43:11 MSK 2024
The result of a bit shift has type int. If ibuf is greater than or
equal to 128, a sign switch will occur. After that, the higher 32
bits in accm will be set to 1.
Cast the result of the expression to unsigned long.
Found by Linux Verification Center (linuxtesting.org) with Svace.
Signed-off-by: Roman Smirnov <r.smirnov at omp.ru>
---
drivers/net/ppp/bsd_comp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ppp/bsd_comp.c b/drivers/net/ppp/bsd_comp.c
index 55954594e157..078fe8c9bee8 100644
--- a/drivers/net/ppp/bsd_comp.c
+++ b/drivers/net/ppp/bsd_comp.c
@@ -918,7 +918,7 @@ static int bsd_decompress (void *state, unsigned char *ibuf, int isize,
*/
bitno -= 8;
- accm |= *ibuf++ << bitno;
+ accm |= (unsigned long)(*ibuf++) << bitno;
if (tgtbitno < bitno)
{
continue;
--
2.43.0
More information about the lvc-project
mailing list