proc_bus_pci_read() assigns *ppos directly to an unsigned integer variable.
For large offsets, this implicit conversion may truncate the value and
cause reads from an incorrect position.

proc_bus_pci_write() explicitly validates *ppos and rejects values larger
than INT_MAX, while proc_bus_pci_read() currently accepts them. This
difference in position handling is unjustified.

Fix this by validating *ppos in proc_bus_pci_read() and rejecting offsets
larger than INT_MAX before the assignment, matching proc_bus_pci_write().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Ziming Du <duziming2@huawei.com>
Suggested-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
---
 drivers/pci/proc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index 2d51b26edbe74..f4ef7629dc78b 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -29,9 +29,12 @@ static ssize_t proc_bus_pci_read(struct file *file, char __user *buf,
 				 size_t nbytes, loff_t *ppos)
 {
 	struct pci_dev *dev = pde_data(file_inode(file));
-	unsigned int pos = *ppos;
+	int pos;
 	unsigned int cnt, size;
 
+	if (*ppos > INT_MAX)
+		return -EINVAL;
+	pos = *ppos;
 	/*
 	 * Normal users can read only the standardized portion of the
 	 * configuration space as several chips lock up when trying to read
-- 
2.43.0