dm raid: fix a couple integer overflows (3ca5a21a) · Commits · e / devices / android_kernel_teracube_emerald

drivers/md/dm-raid.c

+7 −9

Original line number	Diff line number	Diff line
		@@ -1243,7 +1243,7 @@ static int raid_ctr(struct dm_target ti, unsigned argc, char *argv)
		argv++;

		/* Skip over RAID params for now and find out # of devices */
		if (num_raid_params + 1 > argc) {
		if (num_raid_params >= argc) {
		ti->error = "Arguments do not agree with counts given";
		return -EINVAL;
		}
		@@ -1254,6 +1254,12 @@ static int raid_ctr(struct dm_target ti, unsigned argc, char *argv)
		return -EINVAL;
		}

		argc -= num_raid_params + 1; /* +1: we already have num_raid_devs */
		if (argc != (num_raid_devs * 2)) {
		ti->error = "Supplied RAID devices does not match the count given";
		return -EINVAL;
		}

		rs = context_alloc(ti, rt, (unsigned)num_raid_devs);
		if (IS_ERR(rs))
		return PTR_ERR(rs);
		@@ -1262,16 +1268,8 @@ static int raid_ctr(struct dm_target ti, unsigned argc, char *argv)
		if (ret)
		goto bad;

		ret = -EINVAL;

		argc -= num_raid_params + 1; /* +1: we already have num_raid_devs */
		argv += num_raid_params + 1;

		if (argc != (num_raid_devs * 2)) {
		ti->error = "Supplied RAID devices does not match the count given";
		goto bad;
		}

		ret = dev_parms(rs, argv);
		if (ret)
		goto bad;