Re: [PATCH] usb: fix potential integer overflow in usb_sg_init

From: Alan Stern
Date: Tue Jan 19 2016 - 09:57:26 EST

On Mon, 18 Jan 2016, Insu Yun wrote:

> On Mon, Jan 18, 2016 at 1:32 PM, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> wrote:
> > On Mon, 18 Jan 2016, Insu Yun wrote:
> >
> > > If nents value is sufficient large, e.g 0x40000000,
> > > then it can overflow size in kmalloc and heap overflow happesns.
> > > Therefore nents value needs to be checked to prevent overflow.
> >
> > I don't see why. You seem to be assuming that failure with -EINVAL is
> > better than failure with a heap overflow. I disagree; a heap overflow
> > provides more debugging information to help locate the reason for the
> > underlying problem.
> >
> I agree that heap overflow gives more information than -EINVAL.
> However, I think -EINVAL already gives sufficient information for debugging.

Actually it doesn't. -EINVAL return codes occur all over the place.
It's not easy to tell exactly what went wrong when one of them pops up.

> And I thin crash is bad, so returning -EINVAL seems better.

A better solution in this case would be to avoid overflows by changing
the kmalloc call to kmalloc_array, instead of duplicating the code.

Alan Stern