* [PATCH] xfs_io: fix signed comparison problem in copy_file_range
@ 2018-06-01 0:11 Darrick J. Wong
2018-06-01 0:36 ` Eric Sandeen
0 siblings, 1 reply; 2+ messages in thread
From: Darrick J. Wong @ 2018-06-01 0:11 UTC (permalink / raw)
To: Eric Sandeen; +Cc: xfs
From: Darrick J. Wong <darrick.wong@oracle.com>
cvtnum() returns a signed long long, so the type of 'len' should be a
signed type so that a user entering a negative length doesn't produce
some huge positive integer. The negative len check demands it anyway.
Coverity-id: 1435895
Fixes: 25b4549c8b54134106cff094aa098eab9e86eee7
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
io/copy_file_range.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/io/copy_file_range.c b/io/copy_file_range.c
index ebd1ec76..4d0770ef 100644
--- a/io/copy_file_range.c
+++ b/io/copy_file_range.c
@@ -91,7 +91,7 @@ copy_range_f(int argc, char **argv)
{
long long src = 0;
long long dst = 0;
- size_t len = 0;
+ long long len = 0;
int opt;
int ret;
int fd;
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] xfs_io: fix signed comparison problem in copy_file_range
2018-06-01 0:11 [PATCH] xfs_io: fix signed comparison problem in copy_file_range Darrick J. Wong
@ 2018-06-01 0:36 ` Eric Sandeen
0 siblings, 0 replies; 2+ messages in thread
From: Eric Sandeen @ 2018-06-01 0:36 UTC (permalink / raw)
To: Darrick J. Wong, Eric Sandeen; +Cc: xfs
On 5/31/18 7:11 PM, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> cvtnum() returns a signed long long, so the type of 'len' should be a
> signed type so that a user entering a negative length doesn't produce
> some huge positive integer. The negative len check demands it anyway.
>
> Coverity-id: 1435895
> Fixes: 25b4549c8b54134106cff094aa098eab9e86eee7
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
*sigh* I actually looked at the first two long longs, verified that's
what cvtnum returned, and moved on before spot-checking the 3rd o_O.
Thanks!
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
> ---
> io/copy_file_range.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/io/copy_file_range.c b/io/copy_file_range.c
> index ebd1ec76..4d0770ef 100644
> --- a/io/copy_file_range.c
> +++ b/io/copy_file_range.c
> @@ -91,7 +91,7 @@ copy_range_f(int argc, char **argv)
> {
> long long src = 0;
> long long dst = 0;
> - size_t len = 0;
> + long long len = 0;
> int opt;
> int ret;
> int fd;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-06-01 0:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-01 0:11 [PATCH] xfs_io: fix signed comparison problem in copy_file_range Darrick J. Wong
2018-06-01 0:36 ` Eric Sandeen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.