[lvc-project] [PATCH 2/2] xfs_refcount: Preventing integer overflow
Andrey Shumilin
shum.sdl at nppct.ru
Sat Mar 23 09:26:03 MSK 2024
Multiplying variables can overflow the "overhead" variable.
To fix this, the variable type has been increased.
Next, a subtraction operation occurs with it,
but before that it is checked.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrey Shumilin <shum.sdl at nppct.ru>
---
fs/xfs/libxfs/xfs_refcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
index 511c912d515c..cbf07552eaff 100644
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1070,7 +1070,7 @@ static bool
xfs_refcount_still_have_space(
struct xfs_btree_cur *cur)
{
- unsigned long overhead;
+ unsigned long long overhead;
/*
* Worst case estimate: full splits of the free space and rmap btrees
--
2.30.2
More information about the lvc-project
mailing list