[lvc-project] [PATCH 2/2] xfs_refcount: Preventing integer overflow

Andrey Shumilin shum.sdl at nppct.ru
Sat Mar 23 09:26:03 MSK 2024


Multiplying variables can overflow the "overhead" variable.
To fix this, the variable type has been increased.
Next, a subtraction operation occurs with it,
but before that it is checked.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrey Shumilin <shum.sdl at nppct.ru>
---
 fs/xfs/libxfs/xfs_refcount.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
index 511c912d515c..cbf07552eaff 100644
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1070,7 +1070,7 @@ static bool
 xfs_refcount_still_have_space(
 	struct xfs_btree_cur		*cur)
 {
-	unsigned long			overhead;
+	unsigned long long		overhead;
 
 	/*
 	 * Worst case estimate: full splits of the free space and rmap btrees
-- 
2.30.2




More information about the lvc-project mailing list