[PATCH] fs: btrfs: prevent unintentional int overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Coverity scan for 5.5.0-rc4 found a possible integer overflow in
tree-checker.c line 364.

`prev_csum_end = (prev_item_size / csumsize) * sectorsize;`

Quoting from scan results:

```
CID 1456959 Unintentional integer overflow

Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) overflow_before_widen:
Potentially overflowing expression `prev_item_size / csumsize * sectorsize`
with type unsigned int (32 bits, unsigned) is evaluated using 32-bit
arithmetic, and then used in a context that expects an expression of type u64.
(64 bits, unsigned).
```

Added a cast to `u64` on the left hand side of the expression.

Compiles fine on x86_64_defconfig with all btrfs config flags enabled.

Signed-off-by: Cengiz Can <cengiz@xxxxxxxxxx>
---
 fs/btrfs/tree-checker.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 97f3520b8d98..9f58f07be779 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -361,7 +361,7 @@ static int check_csum_item(struct extent_buffer *leaf, struct btrfs_key *key,
 		u32 prev_item_size;
 
 		prev_item_size = btrfs_item_size_nr(leaf, slot - 1);
-		prev_csum_end = (prev_item_size / csumsize) * sectorsize;
+		prev_csum_end = (u64) (prev_item_size / csumsize) * sectorsize;
 		prev_csum_end += prev_key->offset;
 		if (prev_csum_end > key->offset) {
 			generic_err(leaf, slot - 1,
-- 
2.20.1
[Index of Archives]     [Linux Filesystem Development]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux