LOGBOOK

HELP

Quiz Entry - updated: 2026.07.07

How can you fix the integer overflow vulnerability in kernel code?

Use an unsigned type like size_t for sizes (so it can't be negative), or explicitly reject negative lengths before the comparison.

Vulnerable code:

int copy_from_kernel(void *user_dest, int maxlen) {
    int len = maxlen > KSIZE ? KSIZE : maxlen;

Fixed code:

int copy_from_kernel(void *user_dest, size_t maxlen) {
    size_t len = maxlen > KSIZE ? KSIZE : maxlen;

Key fixes:

  1. Use size_t (unsigned) for sizes - can't be negative
  2. Or explicitly check: if (maxlen < 0) return -1;
  3. Use consistent types in comparisons

Also fix the caller:

void getstuff() {
    char mybuf[MSIZE];
    // Use constant, not user input
    copy_from_kernel(mybuf, MSIZE);
}

Go deeper:

From Quiz: REVE1 / Overview of Computer Systems | Updated: Jul 07, 2026