Re: [PATCH] mm/zsmalloc: prevent integer overflow in obj_free

[Anastasia Belova]

On 3/13/25 5:42 PM, Sergey Senozhatsky wrote:
> On (25/03/13 14:51), Anastasia Belova wrote:
> > The result of multiplication of class_size and f_objidx
> > may not fit unsigned integer. Add explicit casting to
> > unsigned long to prevent integer overflow.
> I can't see how this can be possible.  Neither size_class nor
> object idx can take values to cause mul overflow.

object index may be up to OBJ_INDEX_MASK = ((_AC(1, UL) << 
OBJ_INDEX_BITS) - 1)
= ((_AC(1, UL) << PAGE_SHIFT) - 1)

class_size may be up to ZS_MAX_ALLOC_SIZE = PAGE_SIZE.

If address (and unsigned long) is 64-bit, the result of multiplication
won't fit 32-bit integer. Please correct me if I'm wrong.

Best regards,
Anastasia Belova