Re: [PATCH next v2] nvdimm: Prevent integer overflow in ramdax_get_config_data()

Next message: Thorsten Blum: "[PATCH RESEND] apparmor: Replace deprecated strcpy with memcpy in gen_symlink_name"
Previous message: Bartosz Golaszewski: "Re: [PATCH v19 2/2] power: reset: reboot-mode: Expose sysfs for registered reboot_modes"
In reply to: Mike Rapoport: "Re: [PATCH next v2] nvdimm: Prevent integer overflow in ramdax_get_config_data()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ira Weiny

Date: Wed Nov 26 2025 - 11:57:13 EST

Dan Carpenter wrote:
> The "cmd->in_offset" variable comes from the user via the __nd_ioctl()
> function. The problem is that the "cmd->in_offset + cmd->in_length"
> addition could have an integer wrapping issue if cmd->in_offset is close
> to UINT_MAX . Both "cmd->in_offset" and "cmd->in_length" are u32
> variables.
>
> Fixes: 43bc0aa19a21 ("nvdimm: allow exposing RAM carveouts as NVDIMM DIMM devices")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Staged.

Thanks!
Ira

[snip]