[lvc-project] [PATCH v2] udf: balloc: prevent integer overflow in udf_bitmap_free_blocks()
Sergey Shtylyov
s.shtylyov at omp.ru
Thu Jun 20 21:47:48 MSK 2024
Hi!
I didn't notice right away that your mail had already been addressed to the maintainer.
Now I've removed him along with LKML...
On 6/20/24 10:24 AM, Roman Smirnov wrote:
> An overflow may occur if the function is called with the last
> block and an offset greater than zero. It is necessary to add
> a check to avoid this.
>
> Overflow is also possible when we sum offset and
> sizeof(struct spaceBitmapDesc) << 3. For this reason it
> is necessary to check overflow of this too. The result is
> stored in total_offset.
>
> Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Suggested-by: Jan Kara <jack at suse.com>
> Signed-off-by: Roman Smirnov <r.smirnov at omp.ru>
> ---
> V1 -> V2: Overflow checks have been replaced by functions
It would be better to have something like "made use of check_add_overflow()"...
And that wasn't the only change you made, you should have added:
- moved overflow check before the assignment to the block variable;
- added overflow check for the expression offset + (sizeof(struct
spaceBitmapDesc) << 3).
[...]
MBR, Sergey
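
A user-space model of the two checks described in the quoted commit message, added here as an example and not taken from the patch or the kernel source. It uses the GCC/Clang builtin `__builtin_add_overflow()`, which the kernel's `check_add_overflow()` wraps; `DESC_BITS`, `unchecked_sum()` and `checked_sums()` are hypothetical names, and the 24-byte header size is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for sizeof(struct spaceBitmapDesc) << 3;
 * the 24-byte header size is an assumption made for this example. */
#define DESC_BITS (24u << 3)

/* Unchecked form: a 32-bit sum wraps silently modulo 2^32. */
static uint32_t unchecked_sum(uint32_t block, uint32_t offset)
{
    return block + offset;
}

/* Checked form: both sums are tested before anything is assigned,
 * so the caller never sees a wrapped value. Returns false on overflow. */
static bool checked_sums(uint32_t block, uint32_t offset,
                         uint32_t *end_block, uint32_t *total_offset)
{
    uint32_t end, total;

    if (__builtin_add_overflow(block, offset, &end))
        return false;           /* last block with offset > 0 */
    if (__builtin_add_overflow(offset, DESC_BITS, &total))
        return false;           /* offset + header bits wraps */

    *end_block = end;
    *total_offset = total;
    return true;
}

int main(void)
{
    uint32_t end = 0, total = 0;

    /* Constructed inputs: the last representable block, offset 1. */
    printf("unchecked: %u\n", (unsigned)unchecked_sum(UINT32_MAX, 1));
    printf("last block, offset 1: %s\n",
           checked_sums(UINT32_MAX, 1, &end, &total) ? "ok" : "rejected");
    printf("block 0, huge offset: %s\n",
           checked_sums(0, UINT32_MAX - 10, &end, &total) ? "ok" : "rejected");
    if (checked_sums(100, 5, &end, &total))
        printf("block 100, offset 5: end=%u total_offset=%u\n",
               (unsigned)end, (unsigned)total);
    return 0;
}
```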