All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] xfs_io: fix signed comparison problem in copy_file_range
@ 2018-06-01  0:11 Darrick J. Wong
  2018-06-01  0:36 ` Eric Sandeen
  0 siblings, 1 reply; 2+ messages in thread
From: Darrick J. Wong @ 2018-06-01  0:11 UTC (permalink / raw)
  To: Eric Sandeen; +Cc: xfs

From: Darrick J. Wong <darrick.wong@oracle.com>

cvtnum() returns a signed long long, so the type of 'len' should be a
signed type so that a user entering a negative length doesn't produce
some huge positive integer.  The negative len check demands it anyway.

Coverity-id: 1435895
Fixes: 25b4549c8b54134106cff094aa098eab9e86eee7
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 io/copy_file_range.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/io/copy_file_range.c b/io/copy_file_range.c
index ebd1ec76..4d0770ef 100644
--- a/io/copy_file_range.c
+++ b/io/copy_file_range.c
@@ -91,7 +91,7 @@ copy_range_f(int argc, char **argv)
 {
 	long long src = 0;
 	long long dst = 0;
-	size_t len = 0;
+	long long len = 0;
 	int opt;
 	int ret;
 	int fd;

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] xfs_io: fix signed comparison problem in copy_file_range
  2018-06-01  0:11 [PATCH] xfs_io: fix signed comparison problem in copy_file_range Darrick J. Wong
@ 2018-06-01  0:36 ` Eric Sandeen
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Sandeen @ 2018-06-01  0:36 UTC (permalink / raw)
  To: Darrick J. Wong, Eric Sandeen; +Cc: xfs



On 5/31/18 7:11 PM, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> cvtnum() returns a signed long long, so the type of 'len' should be a
> signed type so that a user entering a negative length doesn't produce
> some huge positive integer.  The negative len check demands it anyway.
> 
> Coverity-id: 1435895
> Fixes: 25b4549c8b54134106cff094aa098eab9e86eee7
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>

*sigh* I actually looked at the first two long longs, verified that's
what cvtnum returned, and moved on before spot-checking the 3rd o_O.

Thanks!

Reviewed-by: Eric Sandeen <sandeen@redhat.com>

> ---
>  io/copy_file_range.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/io/copy_file_range.c b/io/copy_file_range.c
> index ebd1ec76..4d0770ef 100644
> --- a/io/copy_file_range.c
> +++ b/io/copy_file_range.c
> @@ -91,7 +91,7 @@ copy_range_f(int argc, char **argv)
>  {
>  	long long src = 0;
>  	long long dst = 0;
> -	size_t len = 0;
> +	long long len = 0;
>  	int opt;
>  	int ret;
>  	int fd;


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-06-01  0:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-01  0:11 [PATCH] xfs_io: fix signed comparison problem in copy_file_range Darrick J. Wong
2018-06-01  0:36 ` Eric Sandeen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.