1. Patchew
  2. linux
  3. [PATCH v7 0/5] lib and lib/cmdline enhancements
  4. View patch

[PATCH v7 2/5] lib: fix memparse() to handle overflow

Dmitry Antipov posted 5 patches 1 month, 2 weeks ago
There is a newer version of this series
[PATCH v7 2/5] lib: fix memparse() to handle overflow
Posted by Dmitry Antipov 1 month, 2 weeks ago 
Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now
capable to handle overflow, adjust 'memparse()' to handle overflow
(denoted by ULLONG_MAX) returned from 'simple_strtoull()'. Also
use 'check_shl_overflow()' to catch an overflow possibly caused
by processing size suffix and denote it with ULLONG_MAX as well.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
v7: do not double-adjust endptr and drop
    redundant check against ULLONG_MAX
v6: handle valid-suffix-only string like "k"
    as unrecognized, minor style adjustments
v5: initial version to join the series
---
 lib/cmdline.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/lib/cmdline.c b/lib/cmdline.c
index 90ed997d9570..32da6f5a9cdb 100644
--- a/lib/cmdline.c
+++ b/lib/cmdline.c
@@ -150,39 +150,50 @@ EXPORT_SYMBOL(get_options);
 unsigned long long memparse(const char *ptr, char **retptr)
 {
 	char *endptr;	/* local pointer to end of parsed string */
-
 	unsigned long long ret = simple_strtoull(ptr, &endptr, 0);
+	unsigned int shl = 0;
 
+	/* Consume valid suffix even in case of overflow. */
 	switch (*endptr) {
 	case 'E':
 	case 'e':
-		ret <<= 10;
+		shl += 10;
 		fallthrough;
 	case 'P':
 	case 'p':
-		ret <<= 10;
+		shl += 10;
 		fallthrough;
 	case 'T':
 	case 't':
-		ret <<= 10;
+		shl += 10;
 		fallthrough;
 	case 'G':
 	case 'g':
-		ret <<= 10;
+		shl += 10;
 		fallthrough;
 	case 'M':
 	case 'm':
-		ret <<= 10;
+		shl += 10;
 		fallthrough;
 	case 'K':
 	case 'k':
-		ret <<= 10;
-		endptr++;
+		shl += 10;
 		fallthrough;
 	default:
 		break;
 	}
 
+	if (shl && likely(ptr != endptr)) {
+		/* Have valid suffix with preceding number. */
+		unsigned long long val;
+
+		if (unlikely(check_shl_overflow(ret, shl, &val)))
+			ret = ULLONG_MAX;
+		else
+			ret = val;
+		endptr++;
+	}
+
 	if (retptr)
 		*retptr = endptr;
 
-- 
2.53.0
Re: [PATCH v7 2/5] lib: fix memparse() to handle overflow
Posted by Andy Shevchenko 1 month, 2 weeks ago 
On Thu, Feb 12, 2026 at 03:56:25PM +0300, Dmitry Antipov wrote:
> Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now
> capable to handle overflow, adjust 'memparse()' to handle overflow
> (denoted by ULLONG_MAX) returned from 'simple_strtoull()'. Also
> use 'check_shl_overflow()' to catch an overflow possibly caused
> by processing size suffix and denote it with ULLONG_MAX as well.

Assuming this is a desired check and you undertake any required
action in case of user breakage, the code wise this version LGTM,
Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com>

...

> +	if (shl && likely(ptr != endptr)) {

IIUC the second check is not needed, but harmless as it's basically a shortcut
for a single allowed unit letter.

> +		/* Have valid suffix with preceding number. */
> +		unsigned long long val;
> +
> +		if (unlikely(check_shl_overflow(ret, shl, &val)))
> +			ret = ULLONG_MAX;
> +		else

Id est if we came here with ret == 0, shl == 0, we would get val == 0.

> +			ret = val;
> +		endptr++;
> +	}

-- 
With Best Regards,
Andy Shevchenko

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.