fs/exec.c: work around icc miscompilation

The tricky problem is this check: if (i++ >= max) icc (mis)optimizes this check as: if (++i > max) The check now becomes a no-op since max is MAX_ARG_STRINGS (0x7FFFFFFF). This is "allowed" by the C standard, assuming i++ never overflows, because signed integer overflow is undefined behavior. This optimization effectively reverts the previous commit 362e6663ef ("exec.c, compat.c: fix count(), compat_count() bounds checking") that tries to fix the check. This patch simply moves ++ after the check. Signed-off-by: Xi Wang <xi.wang@gmail.com> Cc: Jason Baron <jbaron@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-11 14:31:48 -08:00 · 2013-01-11 14:31:48 -08:00 · 6d92d4f6a7
parent 7964c06d66
commit 6d92d4f6a7
1 changed files with 2 additions and 1 deletions
--- a/fs/exec.c
+++ b/fs/exec.c
@ -434,8 +434,9 @@ static int count(struct user_arg_ptr argv, int max)
 			if (IS_ERR(p))
 				return -EFAULT;

-			if (i++ >= max)
+			if (i >= max)
 				return -E2BIG;
+			++i;

 			if (fatal_signal_pending(current))
 				return -ERESTARTNOHAND;