On 12/19/17 2:29 AM, Edward Cree wrote:
On 19/12/17 04:12, Alexei Starovoitov wrote:
> Also reduce the scope of "scalar op scalar" tracking.
> @@ -2046,6 +2088,12 @@ static int adjust_scalar_min_max_vals(struct
> bpf_verifier_env *env,
> src_known = tnum_is_const(src_reg.var_off);
> dst_known = tnum_is_const(dst_reg->var_of
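Review bot: The six lines this hunk adds to adjust_scalar_min_max_vals() (2046,6 becomes 2088,12), next to the src_known / dst_known tnum_is_const() checks, are described in the message only as reducing the scope of "scalar op scalar" tracking, which does not say which operand combinations stop being tracked. Suggest stating, in the commit message and in a comment at the new lines, the exact condition under which tracking is given up and what state the destination register is left in, so the narrowed case can be reviewed on its own.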
There were various issues related to the limited size of integers used in
the verifier:
- `off + size` overflow in __check_map_access()
- `off + reg->off` overflow in check_mem_access()
- `off + reg->var_off.value` overflow or 32-bit truncation of
`reg->var_off.value` in check_mem_access()
-