[lvc-project] [PATCH] mm/zsmalloc: prevent integer overflow in obj_free
Anastasia Belova
abelova at astralinux.ru
Thu Mar 20 12:12:27 MSK 2025
On 3/13/25 5:42 PM, Sergey Senozhatsky wrote:
> On (25/03/13 14:51), Anastasia Belova wrote:
>> The result of multiplication of class_size and f_objidx
>> may not fit in an unsigned integer. Add explicit casting to
>> unsigned long to prevent integer overflow.
> I can't see how this can be possible. Neither size_class nor
> object idx can take values to cause mul overflow.
Object index may be up to
OBJ_INDEX_MASK = ((_AC(1, UL) << OBJ_INDEX_BITS) - 1) = ((_AC(1, UL) << PAGE_SHIFT) - 1)
class_size may be up to ZS_MAX_ALLOC_SIZE = PAGE_SIZE.
If the address (and unsigned long) is 64-bit, the result of the multiplication
won't fit in a 32-bit integer. Please correct me if I'm wrong.
Best regards,
Anastasia Belova
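The following is an added example, not code from the patch or from mm/zsmalloc.c, that checks the point under discussion: in C the product of two 32-bit operands is computed in 32 bits even when the result is assigned to an unsigned long, so only the cast changes the width of the multiplication. It assumes an int class_size and an unsigned int f_objidx as the operands, an LP64 target (64-bit unsigned long), and plugs in the bounds stated above, class_size <= PAGE_SIZE and index <= (1 << PAGE_SHIFT) - 1, for a chosen PAGE_SHIFT; the function names are made up for the example.

```c
#include <stdio.h>

/* Added example (not zsmalloc code): the operand widths under discussion. */
_Static_assert(sizeof(unsigned long) == 8, "example assumes LP64 unsigned long");

/* Product formed in 32 bits and then widened on assignment: the shape of
 * the expression before the patch (int * unsigned int -> unsigned int). */
static unsigned long offset_narrow(int class_size, unsigned int f_objidx)
{
	unsigned long off = class_size * f_objidx;	/* multiplied in 32 bits */
	return off;
}

/* Product formed in 64 bits: the cast the patch proposes. */
static unsigned long offset_wide(int class_size, unsigned int f_objidx)
{
	return (unsigned long)class_size * f_objidx;
}

/* Apply the bounds quoted in the message for a given PAGE_SHIFT:
 * class_size = PAGE_SIZE, f_objidx = OBJ_INDEX_MASK = PAGE_SIZE - 1.
 * Returns 1 if the 32-bit product differs from the 64-bit one. */
static int bounds_truncate(unsigned int page_shift)
{
	unsigned int page_size = 1u << page_shift;	/* page_shift < 32 assumed */
	unsigned int obj_index_mask = page_size - 1;

	return offset_narrow((int)page_size, obj_index_mask) !=
	       offset_wide((int)page_size, obj_index_mask);
}

/* Smallest PAGE_SHIFT (1..30) at which the 32-bit product is truncated under
 * those bounds, or 0 if none. page_shift is capped at 30 so that PAGE_SIZE
 * still fits a positive int. */
static unsigned int first_truncating_shift(void)
{
	unsigned int shift;

	for (shift = 1; shift <= 30; shift++)
		if (bounds_truncate(shift))
			return shift;
	return 0;
}

int main(void)
{
	unsigned int shift;

	for (shift = 12; shift <= 18; shift++)
		printf("PAGE_SHIFT=%u: narrow=%lu wide=%lu truncated=%d\n",
		       shift,
		       offset_narrow(1 << shift, (1u << shift) - 1),
		       offset_wide(1 << shift, (1u << shift) - 1),
		       bounds_truncate(shift));
	printf("first PAGE_SHIFT where the 32-bit product truncates: %u\n",
	       first_truncating_shift());
	return 0;
}
```

Under the stated bounds the product is PAGE_SIZE * (PAGE_SIZE - 1), so whether the 32-bit multiplication truncates is a question of PAGE_SHIFT alone; the loop in first_truncating_shift() finds the crossover point rather than arguing about it by hand.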