projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e42617b) | patch
pipe: Fix bogus dereference in iov_iter_alignment()
authorJan Kara <jack@suse.cz>
Mon, 16 Dec 2019 10:54:32 +0000 (11:54 +0100)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 16 Dec 2019 17:48:10 +0000 (12:48 -0500)
commite0ff126ee7ad405c1ef531f9f3db92929de4f20f
tree3db8cda1843d84196659155c7690644449d2bc18tree | snapshot
parente42617b825f8073569da76dc4510bfa019b1c35acommit | diff
pipe: Fix bogus dereference in iov_iter_alignment()

We cannot look at 'i->pipe' unless we know the iter is a pipe. Move the
ring_size load to a branch in iov_iter_alignment() where we've already
checked the iter is a pipe to avoid bogus dereference.

Reported-by: syzbot+bea68382bae9490e7dd6@syzkaller.appspotmail.com
Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
lib/iov_iter.c diff | blob | history
John Crispins staging tree