Subject: Re: copyout and address space overflows
To: None <firstname.lastname@example.org>
From: Joerg Sonnenberger <email@example.com>
Date: 11/17/2006 01:03:04
On Fri, Nov 17, 2006 at 11:01:33AM +1100, matthew green wrote:
> I don't think we have any platforms which doesn't do (1), but Martin
> suggested that Sparc doesn't do (2). The question is, do we want to do
> that in general? The check should be quite cheap and protect against
> passing negative integers as len.
> checking for overflow of addr + len would be OK, but len is already
> an unsigned value.
Yes, but that doesn't mean e.g. an int can't be used as input and get
casted. This happened in the firewire case.