dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This was found by a static analyzer.
There may be a potential integer overflow issue in
unstripe_ctr(). uc->unstripe_offset and uc->unstripe_width are
defined as "sector_t"(uint64_t), while uc->unstripe,
uc->chunk_size and uc->stripes are all defined as "uint32_t".
The result of the calculation will be limited to "uint32_t"
without correct casting.
So, we recommend adding an extra cast to prevent potential
integer overflow.

Fixes: 18a5bf270532 ("dm: add unstriped target")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org

authored by

Zichen Xie and committed by

Mikulas Patocka 1 year ago 5a4510c7 fed13a54

+2 -2

1 changed file

expand all

drivers

dm-unstripe.c

+2 -2

drivers/md/dm-unstripe.c

··· 85 85 } 86 86 uc->physical_start = start; 87 87 88 - uc->unstripe_offset = uc->unstripe * uc->chunk_size; 89 - uc->unstripe_width = (uc->stripes - 1) * uc->chunk_size; 88 + uc->unstripe_offset = (sector_t)uc->unstripe * uc->chunk_size; 89 + uc->unstripe_width = (sector_t)(uc->stripes - 1) * uc->chunk_size; 90 90 uc->chunk_shift = is_power_of_2(uc->chunk_size) ? fls(uc->chunk_size) - 1 : 0; 91 91 92 92 tmp_len = ti->len;