udf: Use unsigned variables for size calculations
author Kees Cook <keescook@chromium.org>
Sat, 4 Feb 2023 18:34:27 +0000 (10:34 -0800)
committer Jan Kara <jack@suse.cz>
Tue, 7 Feb 2023 12:05:31 +0000 (13:05 +0100)
To avoid confusing the compiler about possible negative sizes, switch
various size variables that can never be negative from int to u32. Seen
with GCC 13:

../fs/udf/directory.c: In function 'udf_copy_fi':
../include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' pointer overflow between offset 80 and size [-2147483648, -1] [-Warray-bounds=]
   57 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^
...
../fs/udf/directory.c:102:9: note: in expansion of macro 'memcpy'
  102 |         memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
      |         ^~~~~~

Cc: Jan Kara <jack@suse.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230204183427.never.856-kees@kernel.org>

fs/udf/directory.c

index 2e13c4b..e0bb73d 100644 (file)
@@ -71,8 +71,9 @@ static int udf_verify_fi(struct udf_fileident_iter *iter)
 static int udf_copy_fi(struct udf_fileident_iter *iter)
 {
        struct udf_inode_info *iinfo = UDF_I(iter->dir);
-       int blksize = 1 << iter->dir->i_blkbits;
-       int err, off, len, nameoff;
+       u32 blksize = 1 << iter->dir->i_blkbits;
+       u32 off, len, nameoff;
+       int err;
 
        /* Skip copying when we are at EOF */
        if (iter->pos >= iter->dir->i_size) {
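
Review bot: in the added `u32 blksize = 1 << iter->dir->i_blkbits;` line the shift is still evaluated on the signed int literal `1` and only converted to u32 afterwards, so `1U << iter->dir->i_blkbits` would keep the whole expression unsigned. Making `off`, `len` and `nameoff` u32 also means a value that would previously have gone negative now wraps to a large positive one, and the `memcpy(&iter->fi, iter->bh[0]->b_data + off, len)` quoted in the commit message would accept it as a length. The rest of `udf_copy_fi()` is not visible in this hunk, so please confirm that nothing further down compares these variables with `< 0` or stores an error return in them, and that `len` is checked against `blksize` before the copy.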