From: Qu Wenruo <wqu@suse.com>
To: u-boot@lists.denx.de
Subject: [PATCH 2/4] fs: btrfs: volumes: prevent overflow for multiplying
Date: Sat, 31 Oct 2020 09:07:50 +0800 [thread overview]
Message-ID: <20201031010752.23974-3-wqu@suse.com> (raw)
In-Reply-To: <20201031010752.23974-1-wqu@suse.com>
In __btrfs_map_block() we do a int * int and assign it to u64.
This is not safe as the result (int * int) is still evaluated as (int)
thus it can overflow.
Convert one of the multiplier to u64 to prevent such problem.
In real world, this should not cause problem as we have device number
limit thus it won't go beyond 4G for a single stripe.
But it's harder to teach coverity about all these hidden limits, so just
fix the possible overflow.
Reported-by: Coverity CID 312957
Reported-by: Coverity CID 312948
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
fs/btrfs/volumes.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index fcf52d4b0ff3..4aaaeab663f5 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1030,7 +1030,7 @@ again:
*/
stripe_nr = stripe_nr / map->stripe_len;
- stripe_offset = stripe_nr * map->stripe_len;
+ stripe_offset = stripe_nr * (u64)map->stripe_len;
BUG_ON(offset < stripe_offset);
/* stripe_offset is the offset of this block in its stripe*/
@@ -1103,7 +1103,7 @@ again:
rot = stripe_nr % map->num_stripes;
/* Fill in the logical address of each stripe */
- tmp = stripe_nr * nr_data_stripes(map);
+ tmp = (u64)stripe_nr * nr_data_stripes(map);
for (i = 0; i < nr_data_stripes(map); i++)
raid_map[(i+rot) % map->num_stripes] =
--
2.29.1
next prev parent reply other threads:[~2020-10-31 1:07 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-31 1:07 [PATCH 0/4] fs: btrfs: coverity fixes Qu Wenruo
2020-10-31 1:07 ` [PATCH 1/4] fs: btrfs: inode: handle uninitialized type before returning it Qu Wenruo
2020-11-01 22:59 ` Marek Behun
2020-11-20 1:36 ` Tom Rini
2020-10-31 1:07 ` Qu Wenruo [this message]
2020-11-01 23:02 ` [PATCH 2/4] fs: btrfs: volumes: prevent overflow for multiplying Marek Behun
2020-11-02 0:20 ` Qu Wenruo
2020-11-02 1:06 ` Qu Wenruo
2021-01-20 21:46 ` Tom Rini
2020-10-31 1:07 ` [PATCH 3/4] fs: btrfs: initialize @ret to 0 to prevent uninitialized return value Qu Wenruo
2020-11-01 23:03 ` Marek Behun
2020-11-20 1:36 ` Tom Rini
2020-10-31 1:07 ` [PATCH 4/4] fs: btrfs: initialize @ii in show_dir() to make coverity happy Qu Wenruo
2020-11-01 23:06 ` Marek Behun
2020-11-02 0:27 ` Qu Wenruo
2020-11-02 7:24 ` Marek Behun
2020-11-02 7:27 ` Qu Wenruo
2020-11-02 20:17 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201031010752.23974-3-wqu@suse.com \
--to=wqu@suse.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox