redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity

rbd: check for overflow in rbd_get_num_segments()

Browse source 
The return type of rbd_get_num_segments() is int, but the values it
operates on are u64.  Although it's not likely, there's no guarantee
the result won't exceed what can be respresented in an int.  The
function is already designed to return -ERANGE on error, so just add
this possible overflow as another reason to return that.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Dan Mick <dan.mick@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
This commit is contained in:
Alex Elder 2013-01-10 12:56:58 -06:00
parent 98571b5aa7
commit 38901e0f24
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
drivers/block/rbd.c
View file

@ -820,6 +820,7 @@ static int rbd_get_num_segments(struct rbd_image_header *header,
{
u64 start_seg;
u64 end_seg;
u64 result;
if (!len)
return 0;
@ -829,7 +830,11 @@ static int rbd_get_num_segments(struct rbd_image_header *header,
start_seg = ofs >> header->obj_order;
end_seg = (ofs + len - 1) >> header->obj_order;
return end_seg - start_seg + 1;
result = end_seg - start_seg + 1;
if (result > (u64) INT_MAX)
return -ERANGE;
return (int) result;
}
/*