Thread (4 messages) 4 messages, 3 authors, 2017-08-22

Re: another possible integer truncation in xfs

From: Christoph Hellwig <hch@lst.de>
Date: 2017-08-21 08:16:05

On Mon, Aug 21, 2017 at 08:01:03AM +0000, Markus Stockhausen wrote:
Hi Christoph,

out of curiosity I looked for other use cases of min_t in xfs. At least 
until 4.12 there is a similar constellation in xfs_dir2_leaf_readbuf:

  if (trim_map) {
    mip->map_blocks -= geo->fsbcount;
    /*
     * Loop to get rid of the extents for the
     * directory block.
     */
    for (i = geo->fsbcount; i > 0; ) {
      j = min_t(int, map->br_blockcount, i);
      map->br_blockcount -= j;
      map->br_startblock += j;
      map->br_startoff += j;

The loop could go havoc if map->br_blockcount is larger than 
2G. If you think it could classify for stable feel free to add it too.
I don't think it has a chance to be larger in practice, but we should
fix it anyway.  I'll prepare a patch.

Thanks for spotting this!
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help