eventpoll: Fix integer overflow in ep_loop_check_proc() - user/sven/linux.git

diff options

author	Jann Horn <jannh@google.com>	2026-02-23 20:59:33 +0100
committer	Christian Brauner <brauner@kernel.org>	2026-02-24 10:21:30 +0100
commit	fdcfce93073d990ed4b71752e31ad1c1d6e9d58b (patch)
tree	bf12f9534e30ab1ae234fbdafefa3912a2c80431 /kernel/crash_dump_dm_crypt.c
parent	f6a495484a27150fb85f943e1a7464da88c2a797 (diff)

eventpoll: Fix integer overflow in ep_loop_check_proc()

If a recursive call to ep_loop_check_proc() hits the `result = INT_MAX`, an integer overflow will occur in the calling ep_loop_check_proc() at `result = max(result, ep_loop_check_proc(ep_tovisit, depth + 1) + 1)`, breaking the recursion depth check. Fix it by using a different placeholder value that can't lead to an overflow. Reported-by: Guenter Roeck <linux@roeck-us.net> Fixes: f2e467a48287 ("eventpoll: Fix semi-unbounded recursion") Cc: stable@vger.kernel.org Signed-off-by: Jann Horn <jannh@google.com> Link: https://patch.msgid.link/20260223-epoll-int-overflow-v1-1-452f35132224@google.com Signed-off-by: Christian Brauner <brauner@kernel.org>

Diffstat (limited to 'kernel/crash_dump_dm_crypt.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: