| Message ID | 50FF0B76.5040402@inktank.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Reviewed-by: Dan Mick <dan.mick@inktank.com> On 01/22/2013 01:58 PM, Alex Elder wrote: > The return type of rbd_get_num_segments() is int, but the values it > operates on are u64. Although it's not likely, there's no guarantee > the result won't exceed what can be respresented in an int. The > function is already designed to return -ERANGE on error, so just add > this possible overflow as another reason to return that. > > Signed-off-by: Alex Elder <elder@inktank.com> > --- > drivers/block/rbd.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c > index 4ed0741..58d01e3 100644 > --- a/drivers/block/rbd.c > +++ b/drivers/block/rbd.c > @@ -820,6 +820,7 @@ static int rbd_get_num_segments(struct > rbd_image_header *header, > { > u64 start_seg; > u64 end_seg; > + u64 result; > > if (!len) > return 0; > @@ -829,7 +830,11 @@ static int rbd_get_num_segments(struct > rbd_image_header *header, > start_seg = ofs >> header->obj_order; > end_seg = (ofs + len - 1) >> header->obj_order; > > - return end_seg - start_seg + 1; > + result = end_seg - start_seg + 1; > + if (result > (u64) INT_MAX) > + return -ERANGE; > + > + return (int) result; > } > > /* > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Reviewed-by: Josh Durgin <josh.durgin@inktank.com> On 01/22/2013 01:58 PM, Alex Elder wrote: > The return type of rbd_get_num_segments() is int, but the values it > operates on are u64. Although it's not likely, there's no guarantee > the result won't exceed what can be respresented in an int. The > function is already designed to return -ERANGE on error, so just add > this possible overflow as another reason to return that. > > Signed-off-by: Alex Elder <elder@inktank.com> > --- > drivers/block/rbd.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c > index 4ed0741..58d01e3 100644 > --- a/drivers/block/rbd.c > +++ b/drivers/block/rbd.c > @@ -820,6 +820,7 @@ static int rbd_get_num_segments(struct > rbd_image_header *header, > { > u64 start_seg; > u64 end_seg; > + u64 result; > > if (!len) > return 0; > @@ -829,7 +830,11 @@ static int rbd_get_num_segments(struct > rbd_image_header *header, > start_seg = ofs >> header->obj_order; > end_seg = (ofs + len - 1) >> header->obj_order; > > - return end_seg - start_seg + 1; > + result = end_seg - start_seg + 1; > + if (result > (u64) INT_MAX) > + return -ERANGE; > + > + return (int) result; > } > > /* > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index 4ed0741..58d01e3 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -820,6 +820,7 @@ static int rbd_get_num_segments(struct rbd_image_header *header, { u64 start_seg; u64 end_seg; + u64 result; if (!len)
The return type of rbd_get_num_segments() is int, but the values it operates on are u64. Although it's not likely, there's no guarantee the result won't exceed what can be respresented in an int. The function is already designed to return -ERANGE on error, so just add this possible overflow as another reason to return that. Signed-off-by: Alex Elder <elder@inktank.com> --- drivers/block/rbd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) return 0; @@ -829,7 +830,11 @@ static int rbd_get_num_segments(struct rbd_image_header *header, start_seg = ofs >> header->obj_order; end_seg = (ofs + len - 1) >> header->obj_order; - return end_seg - start_seg + 1; + result = end_seg - start_seg + 1; + if (result > (u64) INT_MAX) + return -ERANGE; + + return (int) result; } /*