Re: [PATCH] net: qrtr: fix 32-bit integer overflow in qrtr_endpoint_post()

Next message: Baolu Lu: "Re: [PATCH] iommu/vt-d: Clear Present bit before tearing down scalable-mode context entry"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net] net/mlx5: Check max_macs devlink param value against max capability"
In reply to: Simon Horman: "Re: [PATCH] net: qrtr: fix 32-bit integer overflow in qrtr_endpoint_post()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Fri Jun 12 2026 - 21:51:14 EST

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Thu, 11 Jun 2026 08:54:55 -0400 you wrote:
> qrtr_endpoint_post() validates an incoming packet with
>
> if (!size || len != ALIGN(size, 4) + hdrlen)
> goto err;
>
> where size comes from the wire. On 32-bit, size_t is 32 bits and
> ALIGN(size, 4) wraps to 0 for size >= 0xfffffffd, so the check
> passes and skb_put_data(skb, data + hdrlen, size) writes past the
> hdrlen-sized skb and oopses the kernel. 64-bit is unaffected.
>
> [...]

Here is the summary with links:
- net: qrtr: fix 32-bit integer overflow in qrtr_endpoint_post()
https://git.kernel.org/netdev/net/c/20054869770c

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html