Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f5ecec3c authored by Dan Carpenter's avatar Dan Carpenter Committed by David Sterba
Browse files

btrfs: send: silence an integer overflow warning 



The "sizeof(*arg->clone_sources) * arg->clone_sources_count" expression
can overflow.  It causes several static checker warnings.  It's all
under CAP_SYS_ADMIN so it's not that serious but lets silence the
warnings.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
parent 41b34acc

fs/btrfs/send.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -5978,6 +5978,12 @@ long btrfs_ioctl_send(struct file *mnt_file, void __user *arg_) 
		goto out;

		goto out;

	}

	}





	if (arg->clone_sources_count >

	    ULLONG_MAX / sizeof(*arg->clone_sources)) {

		ret = -EINVAL;

		goto out;

	}



	if (!access_ok(VERIFY_READ, arg->clone_sources,

	if (!access_ok(VERIFY_READ, arg->clone_sources,

			sizeof(*arg->clone_sources) *

			sizeof(*arg->clone_sources) *

			arg->clone_sources_count)) {

			arg->clone_sources_count)) {