Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tty: Avoid undefined behaviour (left shift of 1 by 31 places overflow…
…s int) The valid sizes of the tty input and output queues (according to the man page) are between 1024 and 65536 and input values are converted to a power of two. The check on the validity of the range is done after the input values are converted, however, which means that a hostile program can attempt to set the queue size to a negative value, and cause integer overflow before the range is validated. Detected by UBSan Reported-by: syzbot+521b73969fd233c49e58@syzkaller.appspotmail.com
- Loading branch information