* [PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap
@ 2021-11-11 1:55 David Anderson via Linux-erofs
2021-11-11 2:11 ` Gao Xiang
0 siblings, 1 reply; 2+ messages in thread
From: David Anderson via Linux-erofs @ 2021-11-11 1:55 UTC (permalink / raw)
To: linux-erofs
When using --chunksize, partitions greater than 2GiB can fail to build
due to integer overflow in erofs_blob_remap.
Signed-off-by: David Anderson <dvander@google.com>
---
include/erofs/io.h | 6 +++---
lib/blobchunk.c | 2 +-
lib/io.c | 12 ++++++------
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/include/erofs/io.h b/include/erofs/io.h
index 2597c5c..9d73adc 100644
--- a/include/erofs/io.h
+++ b/include/erofs/io.h
@@ -27,9 +27,9 @@ u64 dev_length(void);
extern int erofs_devfd;
-int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
- int fd_out, erofs_off_t *off_out,
- size_t length);
+ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+ int fd_out, erofs_off_t *off_out,
+ size_t length);
static inline int blk_write(const void *buf, erofs_blk_t blkaddr,
u32 nblocks)
diff --git a/lib/blobchunk.c b/lib/blobchunk.c
index 661c5d0..a0ff79c 100644
--- a/lib/blobchunk.c
+++ b/lib/blobchunk.c
@@ -179,7 +179,7 @@ int erofs_blob_remap(void)
struct erofs_buffer_head *bh;
ssize_t length;
erofs_off_t pos_in, pos_out;
- int ret;
+ ssize_t ret;
fflush(blobfile);
length = ftell(blobfile);
diff --git a/lib/io.c b/lib/io.c
index cfc062d..279c7dd 100644
--- a/lib/io.c
+++ b/lib/io.c
@@ -259,9 +259,9 @@ int dev_read(void *buf, u64 offset, size_t len)
return 0;
}
-static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
- int fd_out, erofs_off_t *off_out,
- size_t length)
+static ssize_t __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+ int fd_out, erofs_off_t *off_out,
+ size_t length)
{
size_t copied = 0;
char buf[8192];
@@ -331,9 +331,9 @@ static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
return copied;
}
-int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
- int fd_out, erofs_off_t *off_out,
- size_t length)
+ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+ int fd_out, erofs_off_t *off_out,
+ size_t length)
{
#ifdef HAVE_COPY_FILE_RANGE
off64_t off64_in = *off_in, off64_out = *off_out;
--
2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap
2021-11-11 1:55 [PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap David Anderson via Linux-erofs
@ 2021-11-11 2:11 ` Gao Xiang
0 siblings, 0 replies; 2+ messages in thread
From: Gao Xiang @ 2021-11-11 2:11 UTC (permalink / raw)
To: David Anderson; +Cc: linux-erofs
Hi David,
On Thu, Nov 11, 2021 at 01:55:27AM +0000, David Anderson via Linux-erofs wrote:
> When using --chunksize, partitions greater than 2GiB can fail to build
> due to integer overflow in erofs_blob_remap.
>
> Signed-off-by: David Anderson <dvander@google.com>
Thanks for the report! good catch! Will apply this later.
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
(however, I think it needs several loops for 32-bit platforms.
I will fix it later...)
Thanks,
Gao Xiang
> ---
> include/erofs/io.h | 6 +++---
> lib/blobchunk.c | 2 +-
> lib/io.c | 12 ++++++------
> 3 files changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/include/erofs/io.h b/include/erofs/io.h
> index 2597c5c..9d73adc 100644
> --- a/include/erofs/io.h
> +++ b/include/erofs/io.h
> @@ -27,9 +27,9 @@ u64 dev_length(void);
>
> extern int erofs_devfd;
>
> -int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> - int fd_out, erofs_off_t *off_out,
> - size_t length);
> +ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> + int fd_out, erofs_off_t *off_out,
> + size_t length);
>
> static inline int blk_write(const void *buf, erofs_blk_t blkaddr,
> u32 nblocks)
> diff --git a/lib/blobchunk.c b/lib/blobchunk.c
> index 661c5d0..a0ff79c 100644
> --- a/lib/blobchunk.c
> +++ b/lib/blobchunk.c
> @@ -179,7 +179,7 @@ int erofs_blob_remap(void)
> struct erofs_buffer_head *bh;
> ssize_t length;
> erofs_off_t pos_in, pos_out;
> - int ret;
> + ssize_t ret;
>
> fflush(blobfile);
> length = ftell(blobfile);
> diff --git a/lib/io.c b/lib/io.c
> index cfc062d..279c7dd 100644
> --- a/lib/io.c
> +++ b/lib/io.c
> @@ -259,9 +259,9 @@ int dev_read(void *buf, u64 offset, size_t len)
> return 0;
> }
>
> -static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> - int fd_out, erofs_off_t *off_out,
> - size_t length)
> +static ssize_t __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> + int fd_out, erofs_off_t *off_out,
> + size_t length)
> {
> size_t copied = 0;
> char buf[8192];
> @@ -331,9 +331,9 @@ static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> return copied;
> }
>
> -int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> - int fd_out, erofs_off_t *off_out,
> - size_t length)
> +ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> + int fd_out, erofs_off_t *off_out,
> + size_t length)
> {
> #ifdef HAVE_COPY_FILE_RANGE
> off64_t off64_in = *off_in, off64_out = *off_out;
> --
> 2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-11 2:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-11 1:55 [PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap David Anderson via Linux-erofs
2021-11-11 2:11 ` Gao Xiang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).