diff mbox series

scsi: use unsigned int variables to parse partition table

Message ID 20241114072939.1832821-1-quic_xiaosenh@quicinc.com (mailing list archive)
State Superseded
Headers show
Series scsi: use unsigned int variables to parse partition table | expand

Commit Message

Xiaosen He Nov. 14, 2024, 7:29 a.m. UTC
signed integer overflow happened in the following multiplication,
ext_cyl*(end_head+1)*end_sector = 0x41040*(0xff+1)*0x3f = 0xffffc000,
the overflow was caught by UBSAN and caused crash to the system,
use unsigned int instead of signed int to avoid integer overflow.

Signed-off-by: Xiaosen He <quic_xiaosenh@quicinc.com>
Signed-off-by: Jian Zhou <quic_jianzhou@quicinc.com>
---
 drivers/scsi/scsicam.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/drivers/scsi/scsicam.c b/drivers/scsi/scsicam.c
index 910f4a7a3924..544a008ea422 100644
--- a/drivers/scsi/scsicam.c
+++ b/drivers/scsi/scsicam.c
@@ -126,13 +126,14 @@  int scsi_partsize(unsigned char *buf, unsigned long capacity,
 	       unsigned int *cyls, unsigned int *hds, unsigned int *secs)
 {
 	struct partition *p = (struct partition *)buf, *largest = NULL;
-	int i, largest_cyl;
-	int cyl, ext_cyl, end_head, end_cyl, end_sector;
+	int i;
+	unsigned int largest_cyl = UINT_MAX;
+	unsigned int cyl, ext_cyl, end_head, end_cyl, end_sector;
 	unsigned int logical_end, physical_end, ext_physical_end;
 
 
 	if (*(unsigned short *) (buf + 64) == 0xAA55) {
-		for (largest_cyl = -1, i = 0; i < 4; ++i, ++p) {
+		for (i = 0; i < 4; ++i, ++p) {
 			if (!p->sys_ind)
 				continue;
 #ifdef DEBUG
@@ -140,7 +141,7 @@  int scsi_partsize(unsigned char *buf, unsigned long capacity,
 			       i);
 #endif
 			cyl = p->cyl + ((p->sector & 0xc0) << 2);
-			if (cyl > largest_cyl) {
+			if ((largest_cyl == UINT_MAX) || (cyl > largest_cyl)) {
 				largest_cyl = cyl;
 				largest = p;
 			}