[PATCH] Infinite loop/always true check possible with unsigned counter.
Paul Mackerras
paulus at samba.org
Tue Jul 10 19:49:38 EST 2007
Andreas Schwab writes:
> Paul Mackerras <paulus at samba.org> writes:
>
> > Manish Ahuja writes:
> >
> >> Repost to fix my email id.
> >>
> >> Fix to correct a possible infinite loop or an always true check when the
> >> unsigned long counter "i" is used in
> >> lmb_add_region() in the following for loop:
> >>
> >> for (i = rgn->cnt-1; i >= 0; i--)
> >
> > Unfortunately this won't fix the bug. Since rgn->cnt is unsigned
> > long, the comparison will be done as an unsigned comparison even if i
> > is signed.
>
> ??? There is no rgn->cnt involved in the comparison.
Look further down in lmb_add_region; there is a second for loop that
does
for (i = rgn->cnt-1; i >= 0; i--)
I agree that Manish's patch description was misleading, but there is
a real problem in there.
Paul.
More information about the Linuxppc-dev
mailing list