Re: another possible integer truncation in xfs
From: Christoph Hellwig <hch@lst.de>
Date: 2017-08-21 08:16:05
On Mon, Aug 21, 2017 at 08:01:03AM +0000, Markus Stockhausen wrote:
> Hi Christoph,
>
> out of curiosity I looked for other use cases of min_t in xfs. At least
> until 4.12 there is a similar constellation in xfs_dir2_leaf_readbuf:
>
>     if (trim_map) {
>         mip->map_blocks -= geo->fsbcount;
>         /*
>          * Loop to get rid of the extents for the
>          * directory block.
>          */
>         for (i = geo->fsbcount; i > 0; ) {
>             j = min_t(int, map->br_blockcount, i);
>             map->br_blockcount -= j;
>             map->br_startblock += j;
>             map->br_startoff += j;
>
> The loop could go havoc if map->br_blockcount is larger than
> 2G. If you think it could classify for stable feel free to add it too.

I don't think it has a chance to be larger in practice, but we should fix
it anyway. I'll prepare a patch. Thanks for spotting this!
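
Added example, not part of the original thread or the XFS source: a user-space C model of the quoted loop, showing why taking the minimum in `int` stalls the loop once a 64-bit block count reaches 2G, next to a comparison done in the wide type. It assumes a 32-bit `int` and models `br_blockcount` as `uint64_t`; the helper names and the `i -= j` step are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Cast of a 64-bit count to a 32-bit int, spelled out portably:
 * the upper 32 bits are dropped and bit 31 becomes the sign. */
static int trunc_to_int(uint64_t v)
{
    uint32_t lo = (uint32_t)v;
    return lo <= (uint32_t)INT_MAX ? (int)lo : (int)((int64_t)lo - 4294967296LL);
}

/* Same result as min_t(int, blockcount, i): truncate first, then compare. */
static int min_as_int(uint64_t blockcount, int i)
{
    int a = trunc_to_int(blockcount);
    return a < i ? a : i;
}

/* Compare in the 64-bit type; the result is <= i, so it fits an int. */
static int min_as_u64(uint64_t blockcount, int i)
{
    return blockcount < (uint64_t)i ? (int)blockcount : i;
}

/* Model of the trim loop for one extent. Returns the iteration count,
 * or -1 when j <= 0, i.e. the real loop would stop making progress.
 * The "i -= j" step is assumed; the quoted excerpt ends before it. */
static int trim(uint64_t *blockcount, int fsbcount,
                int (*min_fn)(uint64_t, int))
{
    int iters = 0;
    for (int i = fsbcount; i > 0; iters++) {
        int j = min_fn(*blockcount, i);
        if (j <= 0)
            return -1;
        *blockcount -= (uint64_t)j;
        i -= j;
    }
    return iters;
}

int main(void)
{
    uint64_t a = 1ULL << 32, b = 1ULL << 32;   /* constructed sample counts */
    printf("int: %d  u64: %d\n", trim(&a, 4, min_as_int), trim(&b, 4, min_as_u64));
    return 0;
}
```

A count of exactly 2G truncates to `INT_MIN`, so `j` goes negative instead of zero; both cases are caught by the `j <= 0` check in this model.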