Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"
This reverts commit bcecb4bb.

If we try to allocate an extra entry as the above commit did, and when the requested size is UINT_MAX, addition overflows causing zero size to be passed to kmalloc().

kmalloc then returns ZERO_SIZE_PTR with a subsequent crash.

Reported-by: <syzbot+87678bcf753b44c39b67@syzkaller.appspotmail.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 84328342
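
The wrap-around described in the commit message, as an added user-space C model that is not code from the kernel or from this commit. The function names are hypothetical, and it assumes the requested size is an `unsigned int` and that one extra pointer-sized entry is added before the byte count is computed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked sizing (hypothetical name): add the extra entry in unsigned int
 * arithmetic, then scale to bytes. With size == UINT_MAX the addition wraps
 * to 0, so an allocator would be asked for zero bytes. */
static size_t ring_bytes_unchecked(unsigned int size)
{
    unsigned int entries = size + 1;          /* wraps to 0 at UINT_MAX */
    return (size_t)entries * sizeof(void *);
}

/* Checked sizing (hypothetical name): reject the request when either the
 * "+ 1" or the multiplication overflows. Uses the GCC/Clang overflow
 * builtins. Returns true and stores the byte count on success. */
static bool ring_bytes_checked(unsigned int size, size_t *bytes)
{
    unsigned int entries;

    if (__builtin_add_overflow(size, 1u, &entries))
        return false;                         /* size + 1 does not fit */
    if (__builtin_mul_overflow((size_t)entries, sizeof(void *), bytes))
        return false;                         /* byte count does not fit */
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary size and the boundary case. */
    unsigned int samples[] = { 15u, UINT_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t bytes = 0;
        bool ok = ring_bytes_checked(samples[i], &bytes);

        printf("size=%u unchecked=%zu bytes, checked=%s\n",
               samples[i], ring_bytes_unchecked(samples[i]),
               ok ? "accepted" : "rejected (overflow)");
    }
    return 0;
}
```
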