X-Git-Url: http://git.monstr.eu/?a=blobdiff_plain;ds=inline;f=mm%2Fkasan%2Ftags_report.c;h=bee43717d6f0b3c048d3aa761a9c1ea750bca545;hb=9d9af1007bc08971953ae915d88dc9bb21344b53;hp=969ae08f59d7fbc34405a24890e32b7411a56256;hpb=f838767555d40f29bc4771c5c8cc63193094b7cc;p=linux-2.6-microblaze.git

diff --git a/mm/kasan/tags_report.c b/mm/kasan/tags_report.c
index 969ae08f59d7..bee43717d6f0 100644
--- a/mm/kasan/tags_report.c
+++ b/mm/kasan/tags_report.c
@@ -60,6 +60,17 @@ const char *get_bug_type(struct kasan_access_info *info)
 	}
 
 #endif
+	/*
+	 * If access_size is a negative number, then it has reason to be
+	 * defined as out-of-bounds bug type.
+	 *
+	 * Casting negative numbers to size_t would indeed turn up as
+	 * a large size_t and its value will be larger than ULONG_MAX/2,
+	 * so that this can qualify as out-of-bounds.
+	 */
+	if (info->access_addr + info->access_size < info->access_addr)
+		return "out-of-bounds";
+
 	return "invalid-access";
 }