Describe why there is no integer overflow.

author: Miloslav Trmač <mitr@redhat.com> 2010-06-30 14:03:21 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-07-19 09:20:09 +0200
commit: c455b175a7cfdbcb11fd3662abcd83d6c6599091 (patch)
tree: b2da5bfdabce8d0883317b2338f64bcd7c781ba2
parent: 64870a37dce501399cec6612ba63c4f94f3bcdf1 (diff)
download: cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.tar.gz
cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.tar.xz
cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/ncr-data.c b/ncr-data.c
index 012b920..93c69ac 100644
--- a/ncr-data.c
+++ b/ncr-data.c
@@ -82,6 +82,8 @@ struct data_item_st* item;
 static void* data_alloc(size_t size)
 {
 	/* FIXME: enforce a maximum memory limit per process and per user */
+	/* ncr_data_set() relies this function enforcing a reasonable upper
+	   limit. */
 	if (size > 64*1024) {
 		err();
 		return NULL;
@@ -280,6 +282,8 @@ int ncr_data_set(struct list_sem_st* lst, void __user* arg)
 		}
 		data->data_size = get.data_size;
 	} else {
+		/* get.data_size <= data->max_data_size, which is limited in
+		   data_alloc(), so there is no integer overflow. */
 		if (get.data_size+data->data_size > data->max_data_size) {
 			err();
 			ret = -EINVAL;
author	Miloslav Trmač <mitr@redhat.com>	2010-06-30 14:03:21 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-07-19 09:20:09 +0200
commit	c455b175a7cfdbcb11fd3662abcd83d6c6599091 (patch)
tree	b2da5bfdabce8d0883317b2338f64bcd7c781ba2
parent	64870a37dce501399cec6612ba63c4f94f3bcdf1 (diff)
download	cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.tar.gz cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.tar.xz cryptodev-linux-c455b175a7cfdbcb11fd3662abcd83d6c6599091.zip