[PATCH bpf] bpf: Fix integer overflow in queue_stack_map_alloc.

2018-11-22 Thread ww9210
Integer overflow in queue_stack_map_alloc when calculating size may lead to heap overflow of arbitrary length. The patch fixes it by checking whether attr->max_entries+1 < attr->max_entries and bailing out if it is the case. The vulnerability is discovered with the assistance of syzkaller. Reporte

Re: [PATCH bpf] bpf: Fix integer overflow in queue_stack_map_alloc.

2018-11-22 Thread Greg KH
On Thu, Nov 22, 2018 at 11:59:02PM +0800, Wei Wu wrote:
> Integer overflow in queue_stack_map_alloc when calculating size may
> lead to heap overflow of arbitrary length.
> The patch fixes it by checking whether attr->max_entries+1 <
> attr->max_entries and bailing out if it is the case.
> The vulner

[PATCH bpf] bpf: Fix integer overflow in queue_stack_map_alloc.

2018-11-22 Thread Wei Wu
Integer overflow in queue_stack_map_alloc when calculating size may lead to heap overflow of arbitrary length. The patch fixes it by checking whether attr->max_entries+1 < attr->max_entries and bailing out if it is the case. The vulnerability is discovered with the assistance of syzkaller. Reported-