git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Arnaldo Carvalho de Melo <acme@redhat.com>
	Sat, 2 May 2026 17:51:05 +0000 (14:51 -0300)
committer	Arnaldo Carvalho de Melo <acme@redhat.com>
	Fri, 29 May 2026 14:44:34 +0000 (11:44 -0300)
commit	d88e954c8271c9c47d6d50dcfdd864e6b031d166
tree	c7d080604b7d321769f4b1f234dbb48ff6477111	tree \| snapshot
parent	6e803f1e0198f436d512f9b0eebd89ec2a85ac85	commit \| diff

perf session: Check for decompression buffer size overflow

On 32-bit systems, sizeof(struct decomp) + decomp_len can wrap
size_t when comp_mmap_len is large.  The preceding patch validates
comp_mmap_len alignment but does not cap the upper bound, so two
additions can still overflow:

1. decomp_len += decomp_last_rem: on 32-bit, adding a u64 to
   size_t silently truncates, producing a corrupted decomp_len
   that would bypass the subsequent overflow check and result
   in an undersized buffer allocation.

2. sizeof(struct decomp) + decomp_len: the final addition could
   overflow on systems with small size_t.

Add explicit overflow checks before each addition as
defense-in-depth.

Reported-by: sashiko-bot@kernel.org # Running on a local machine
Reviewed-by: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Assisted-by: Claude:claude-opus-4.6-1m
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>