| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Apr 2023 03:24:06 +0800
From: Nur Hussein <hussein@...xcat.org>
To: clm@...com, josef@...icpanda.com, dsterba@...e.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Nur Hussein <hussein@...xcat.org>
Subject: [PATCH] btrfs: Avoid potential integer overflow when left-shifting 32-bit int
In scrub_stripe(), the 32-bit signed value returned by the
nr_data_stripes(map) function call should be cast to u64
before being shifted left by BTRFS_STRIPE_LEN_SHIFT (16),
as a cautionary measure to avoid potential overflows. We
then assign it to a u64 value anyway, so a cast before a
shift seems prudent.
Signed-off-by: Nur Hussein <hussein@...xcat.org>
---
fs/btrfs/scrub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index ccb4f58ae307..4de1665fcd52 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2187,7 +2187,7 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx,
/* Initialize @offset in case we need to go to out: label */
get_raid56_logic_offset(physical, stripe_index, map, &offset, NULL);
- increment = nr_data_stripes(map) << BTRFS_STRIPE_LEN_SHIFT;
+ increment = (u64)nr_data_stripes(map) << BTRFS_STRIPE_LEN_SHIFT;
/*
* Due to the rotation, for RAID56 it's better to iterate each stripe
--
2.34.1
Powered by blists - more mailing lists