summaryrefslogtreecommitdiffstats
path: root/fs/btrfs/volumes.c
diff options
context:
space:
mode:
authorQu Wenruo <wqu@suse.com>2020-10-31 09:07:50 +0800
committerTom Rini <trini@konsulko.com>2021-01-20 14:01:08 -0500
commit3b72612ad191cad29aad3982221ff3355bec798d (patch)
treeed99eb7a5d1b867efcc8b216c4fb0b545281c1a4 /fs/btrfs/volumes.c
parent404bbc809da50fcf0b63566803d5061f80d93885 (diff)
downloadu-boot-3b72612ad191cad29aad3982221ff3355bec798d.tar.gz
u-boot-3b72612ad191cad29aad3982221ff3355bec798d.tar.xz
u-boot-3b72612ad191cad29aad3982221ff3355bec798d.zip
fs: btrfs: volumes: prevent overflow for multiplying
In __btrfs_map_block() we do a int * int and assign it to u64. This is not safe as the result (int * int) is still evaluated as (int) thus it can overflow. Convert one of the multiplier to u64 to prevent such problem. In real world, this should not cause problem as we have device number limit thus it won't go beyond 4G for a single stripe. But it's harder to teach coverity about all these hidden limits, so just fix the possible overflow. Reported-by: Coverity CID 312957 Reported-by: Coverity CID 312948 Signed-off-by: Qu Wenruo <wqu@suse.com>
Diffstat (limited to 'fs/btrfs/volumes.c')
-rw-r--r--fs/btrfs/volumes.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index fcf52d4b0f..4aaaeab663 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1030,7 +1030,7 @@ again:
*/
stripe_nr = stripe_nr / map->stripe_len;
- stripe_offset = stripe_nr * map->stripe_len;
+ stripe_offset = stripe_nr * (u64)map->stripe_len;
BUG_ON(offset < stripe_offset);
/* stripe_offset is the offset of this block in its stripe*/
@@ -1103,7 +1103,7 @@ again:
rot = stripe_nr % map->num_stripes;
/* Fill in the logical address of each stripe */
- tmp = stripe_nr * nr_data_stripes(map);
+ tmp = (u64)stripe_nr * nr_data_stripes(map);
for (i = 0; i < nr_data_stripes(map); i++)
raid_map[(i+rot) % map->num_stripes] =