acct: fix potential integer overflow in encode_comp_t()

The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Zheng Yejian <[email protected]> Cc: Hanjun Guo <[email protected]> Cc: Randy Dunlap <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: Zhang Jinhao <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
author: Zheng Yejian <[email protected]> 2021-05-15 22:06:31 +0800
committer: Andrew Morton <[email protected]> 2022-11-30 16:13:18 -0800
commit: c5f31c655bcc01b6da53b836ac951c1556245305 (patch)
tree: b8bf5588b37bda48fff034aa91653d7df092d207
parent: 457139f16ae15d86df1e491fc45a9ea56def57b5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/acct.c b/kernel/acct.c
index 31b09cf7189c..010667ce6080 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -350,6 +350,8 @@ static comp_t encode_comp_t(u64 value)
 		exp++;
 	}
 
+	if (exp > (((comp_t) ~0U) >> MANTSIZE))
+		return (comp_t) ~0U;
 	/*
 	 * Clean it up and polish it off.
 	 */
author	Zheng Yejian <[email protected]>	2021-05-15 22:06:31 +0800
committer	Andrew Morton <[email protected]>	2022-11-30 16:13:18 -0800
commit	c5f31c655bcc01b6da53b836ac951c1556245305 (patch)
tree	b8bf5588b37bda48fff034aa91653d7df092d207
parent	457139f16ae15d86df1e491fc45a9ea56def57b5 (diff)