diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2016-04-13 09:40:59 +0300 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2016-05-06 15:22:49 +0200 |
| commit | f5ecec3ce21f706e9e7a330b2e8e5a2941927b46 (patch) | |
| tree | 8f165eaa2ec88ddbd6ed769345523484ad8ca5ce | |
| parent | 41b34accb265e3a20211a7a8ef3625678f1c6ec7 (diff) | |
| download | linux-f5ecec3ce21f706e9e7a330b2e8e5a2941927b46.tar.gz | |
btrfs: send: silence an integer overflow warning
The "sizeof(*arg->clone_sources) * arg->clone_sources_count" expression can overflow. It causes several static checker warnings. It's all under CAP_SYS_ADMIN so it's not that serious but lets silence the warnings. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
| -rw-r--r-- | fs/btrfs/send.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 8d358c547c59..ec433795fa71 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -5978,6 +5978,12 @@ long btrfs_ioctl_send(struct file *mnt_file, void __user *arg_) goto out; } + if (arg->clone_sources_count > + ULLONG_MAX / sizeof(*arg->clone_sources)) { + ret = -EINVAL; + goto out; + } + if (!access_ok(VERIFY_READ, arg->clone_sources, sizeof(*arg->clone_sources) * arg->clone_sources_count)) { |