From: chao@kernel.org (Chao Yu)
Subject: [PATCH 7/8] staging: erofs: fix integer overflow on 32-bit platform
Date: Sun, 12 Aug 2018 22:01:49 +0800 [thread overview]
Message-ID: <20180812140150.13397-8-chao@kernel.org> (raw)
In-Reply-To: <20180812140150.13397-1-chao@kernel.org>
From: Gao Xiang <gaoxiang25@huawei.com>
This patch fixes integer overflow on multiplication
of 32-bit `lcn' in z_erofs_map_blocks_iter.
Signed-off-by: Gao Xiang <gaoxiang25 at huawei.com>
Reviewed-by: Chao Yu <yuchao0 at huawei.com>
Signed-off-by: Chao Yu <yuchao0 at huawei.com>
---
drivers/staging/erofs/unzip_vle.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/erofs/unzip_vle.c b/drivers/staging/erofs/unzip_vle.c
index ae99b6811d4a..6c5b0a312592 100644
--- a/drivers/staging/erofs/unzip_vle.c
+++ b/drivers/staging/erofs/unzip_vle.c
@@ -1513,7 +1513,7 @@ static erofs_off_t vle_get_logical_extent_head(
*flags ^= EROFS_MAP_ZIPPED;
case Z_EROFS_VLE_CLUSTER_TYPE_HEAD:
/* clustersize should be a power of two */
- ofs = ((unsigned long long)lcn << clusterbits) +
+ ofs = ((u64)lcn << clusterbits) +
(le16_to_cpu(di->di_clusterofs) & (clustersize - 1));
*pcn = le32_to_cpu(di->di_u.blkaddr);
break;
@@ -1595,7 +1595,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
/* by default, compressed */
map->m_flags |= EROFS_MAP_ZIPPED;
- end = (u64)(lcn + 1) * clustersize;
+ end = ((u64)lcn + 1) * clustersize;
cluster_type = vle_cluster_type(di);
@@ -1611,7 +1611,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
}
if (ofs_rem > logical_cluster_ofs) {
- ofs = lcn * clustersize | logical_cluster_ofs;
+ ofs = (u64)lcn * clustersize | logical_cluster_ofs;
pcn = le32_to_cpu(di->di_u.blkaddr);
break;
}
@@ -1623,7 +1623,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
err = -EIO;
goto unmap_out;
}
- end = (lcn-- * clustersize) | logical_cluster_ofs;
+ end = ((u64)lcn-- * clustersize) | logical_cluster_ofs;
/* fallthrough */
case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
/* get the correspoinding first chunk */
--
2.18.0
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <chao@kernel.org>
To: gregkh@linuxfoundation.org, devel@driverdev.osuosl.org
Cc: linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org,
Gao Xiang <gaoxiang25@huawei.com>, Chao Yu <yuchao0@huawei.com>
Subject: [PATCH 7/8] staging: erofs: fix integer overflow on 32-bit platform
Date: Sun, 12 Aug 2018 22:01:49 +0800 [thread overview]
Message-ID: <20180812140150.13397-8-chao@kernel.org> (raw)
In-Reply-To: <20180812140150.13397-1-chao@kernel.org>
From: Gao Xiang <gaoxiang25@huawei.com>
This patch fixes integer overflow on multiplication
of 32-bit `lcn' in z_erofs_map_blocks_iter.
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
---
drivers/staging/erofs/unzip_vle.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/erofs/unzip_vle.c b/drivers/staging/erofs/unzip_vle.c
index ae99b6811d4a..6c5b0a312592 100644
--- a/drivers/staging/erofs/unzip_vle.c
+++ b/drivers/staging/erofs/unzip_vle.c
@@ -1513,7 +1513,7 @@ static erofs_off_t vle_get_logical_extent_head(
*flags ^= EROFS_MAP_ZIPPED;
case Z_EROFS_VLE_CLUSTER_TYPE_HEAD:
/* clustersize should be a power of two */
- ofs = ((unsigned long long)lcn << clusterbits) +
+ ofs = ((u64)lcn << clusterbits) +
(le16_to_cpu(di->di_clusterofs) & (clustersize - 1));
*pcn = le32_to_cpu(di->di_u.blkaddr);
break;
@@ -1595,7 +1595,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
/* by default, compressed */
map->m_flags |= EROFS_MAP_ZIPPED;
- end = (u64)(lcn + 1) * clustersize;
+ end = ((u64)lcn + 1) * clustersize;
cluster_type = vle_cluster_type(di);
@@ -1611,7 +1611,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
}
if (ofs_rem > logical_cluster_ofs) {
- ofs = lcn * clustersize | logical_cluster_ofs;
+ ofs = (u64)lcn * clustersize | logical_cluster_ofs;
pcn = le32_to_cpu(di->di_u.blkaddr);
break;
}
@@ -1623,7 +1623,7 @@ int z_erofs_map_blocks_iter(struct inode *inode,
err = -EIO;
goto unmap_out;
}
- end = (lcn-- * clustersize) | logical_cluster_ofs;
+ end = ((u64)lcn-- * clustersize) | logical_cluster_ofs;
/* fallthrough */
case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
/* get the correspoinding first chunk */
--
2.18.0
next prev parent reply other threads:[~2018-08-12 14:01 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-12 14:01 [PATCH 0/8] staging: erofs: fix some issues and clean up codes Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-12 14:01 ` [PATCH 1/8] staging: erofs: introduce erofs_grab_bio Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-12 14:01 ` [PATCH 2/8] staging: erofs: separate erofs_get_meta_page Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-13 11:04 ` Dan Carpenter
2018-08-13 11:04 ` Dan Carpenter
2018-08-13 11:23 ` Gao Xiang
2018-08-13 11:23 ` Gao Xiang
2018-08-13 12:34 ` Chao Yu
2018-08-13 12:34 ` Chao Yu
2018-08-12 14:01 ` [PATCH 3/8] staging: erofs: add error handling for xattr submodule Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-13 2:00 ` Chao Yu
2018-08-13 2:00 ` Chao Yu
2018-08-13 2:36 ` Gao Xiang
2018-08-13 2:36 ` Gao Xiang
2018-08-13 2:56 ` [PATCH v2 " Gao Xiang
2018-08-13 2:56 ` Gao Xiang
2018-08-13 8:15 ` [PATCH " Chao Yu
2018-08-13 8:15 ` Chao Yu
2018-08-13 11:47 ` Dan Carpenter
2018-08-13 11:47 ` Dan Carpenter
2018-08-13 12:17 ` Gao Xiang
2018-08-13 12:17 ` Gao Xiang
2018-08-13 12:25 ` Dan Carpenter
2018-08-13 12:25 ` Dan Carpenter
2018-08-13 13:40 ` Gao Xiang
2018-08-13 13:40 ` Gao Xiang
2018-08-13 13:50 ` Dan Carpenter
2018-08-13 13:50 ` Dan Carpenter
2018-08-13 12:40 ` Dan Carpenter
2018-08-13 12:40 ` Dan Carpenter
2018-08-13 12:46 ` Gao Xiang
2018-08-13 12:46 ` Gao Xiang
2018-08-13 12:46 ` Chao Yu
2018-08-13 12:46 ` Chao Yu
2018-08-12 14:01 ` [PATCH 4/8] staging: erofs: cleanup z_erofs_vle_work_{lookup, register} Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-13 12:00 ` Dan Carpenter
2018-08-13 12:00 ` Dan Carpenter
2018-08-13 12:37 ` Gao Xiang
2018-08-13 12:37 ` Gao Xiang
2018-08-13 13:05 ` Dan Carpenter
2018-08-13 13:05 ` Dan Carpenter
2018-08-13 13:19 ` Gao Xiang
2018-08-13 13:19 ` Gao Xiang
2018-08-12 14:01 ` [PATCH 5/8] staging: erofs: rearrange vle clustertype definitions Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-12 14:01 ` [PATCH 6/8] staging: erofs: fix vle_decompressed_index_clusterofs Chao Yu
2018-08-12 14:01 ` Chao Yu
2018-08-13 12:03 ` Dan Carpenter
2018-08-13 12:03 ` Dan Carpenter
2018-08-13 13:01 ` Gao Xiang
2018-08-13 13:01 ` Gao Xiang
2018-08-12 14:01 ` Chao Yu [this message]
2018-08-12 14:01 ` [PATCH 7/8] staging: erofs: fix integer overflow on 32-bit platform Chao Yu
2018-08-12 14:01 ` [PATCH 8/8] staging: erofs: fix compression mapping beyond EOF Chao Yu
2018-08-12 14:01 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180812140150.13397-8-chao@kernel.org \
--to=chao@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.