[module] fix integer overflow in kvmfr_dmabuf_create

2025-10-31 20:52:09 +00:00 · 2020-10-30 00:22:18 -07:00
parent 3de2641d92
commit c0acfd1228
2 changed files with 3 additions and 3 deletions
--- a/module/dkms.conf
+++ b/module/dkms.conf
@@ -1,5 +1,5 @@
 PACKAGE_NAME="kvmfr"
-PACKAGE_VERSION="0.0.3"
+PACKAGE_VERSION="0.0.4"
 BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
 MAKE[0]="make KDIR=${kernel_source_dir}"
 CLEAN="make KDIR=${kernel_source_dir} clean"
--- a/module/kvmfr.c
+++ b/module/kvmfr.c
@@ -37,7 +37,7 @@ DEFINE_MUTEX(minor_lock);
 DEFINE_IDR(kvmfr_idr);

 #define KVMFR_UIO_NAME    "KVMFR"
-#define KVMFR_UIO_VER     "0.0.3"
+#define KVMFR_UIO_VER     "0.0.4"
 #define KVMFR_DEV_NAME    "kvmfr"
 #define KVMFR_MAX_DEVICES 10

@@ -171,7 +171,7 @@ static long kvmfr_dmabuf_create(struct kvmfr_dev * kdev, struct file * filp, uns
    return -EINVAL;
  }

-  if (create.offset + create.size > kdev->size)
+  if ((create.offset + create.size > kdev->size) || (create.offset + create.size < create.offset))
    return -EINVAL;

  kbuf = kzalloc(sizeof(struct kvmfrbuf), GFP_KERNEL);