[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <b4d8649c-5cda-42da-8b6c-058bd42b3484@astralinux.ru>
Date: Thu, 1 Feb 2024 15:01:20 +0300
From: Анастасия Любимова
<abelova@...ralinux.ru>
To: Anders Larsen <al@...rsen.net>
Cc: linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH] qnx4: add upcasting to avoid overflow
Just a friendly reminder.
23/11/23 13:06, Anastasia Belova пишет:
> To avoid possible integer overflow in qnx4_statfs
> cast literal to unsigned long. Otherwise multiplication
> of two u32 may give a value that is outside of the range.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Anastasia Belova <abelova@...ralinux.ru>
> ---
> fs/qnx4/inode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
> index 6eb9bb369b57..4be8dba60567 100644
> --- a/fs/qnx4/inode.c
> +++ b/fs/qnx4/inode.c
> @@ -133,7 +133,7 @@ static int qnx4_statfs(struct dentry *dentry, struct kstatfs *buf)
>
> buf->f_type = sb->s_magic;
> buf->f_bsize = sb->s_blocksize;
> - buf->f_blocks = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8;
> + buf->f_blocks = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8ul;
> buf->f_bfree = qnx4_count_free_blocks(sb);
> buf->f_bavail = buf->f_bfree;
> buf->f_namelen = QNX4_NAME_MAX;
Powered by blists - more mailing lists