projects / platform / upstream / erofs-utils.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0f8f48d)
erofs-utils: lib: fix out-of-bounds in erofs_io_xcopy()
authorGao Xiang <hsiangkao@linux.alibaba.com>
Fri, 2 Aug 2024 01:55:26 +0000 (09:55 +0800)
committerGao Xiang <hsiangkao@linux.alibaba.com>
Sun, 4 Aug 2024 01:51:05 +0000 (09:51 +0800)
Coverity-id: 502334
Reviewed-by: Sandeep Dhavale <dhavale@google.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20240802015527.2113797-2-hsiangkao@linux.alibaba.com
include/erofs/io.h patch | blob | history
lib/io.c patch | blob | history

diff --git a/include/erofs/io.h b/include/erofs/io.h
index f53abed93754d2eeb4b8bbf53a7443b7b307fc39..d9b33d237aa73b05d71f1811101dca828fdcfda1 100644 (file)
--- a/include/erofs/io.h
+++ b/include/erofs/io.h
@@ -34,7 +34,7 @@ struct erofs_vfops {
        off_t (*lseek)(struct erofs_vfile *vf, u64 offset, int whence);
        int (*fstat)(struct erofs_vfile *vf, struct stat *buf);
        int (*xcopy)(struct erofs_vfile *vout, off_t pos,
-                    struct erofs_vfile *vin, int len, bool noseek);
+                    struct erofs_vfile *vin, unsigned int len, bool noseek);
 };
 
 /* don't extend this; instead, use payload for any extra information */
@@ -61,7 +61,7 @@ off_t erofs_io_lseek(struct erofs_vfile *vf, u64 offset, int whence);
 ssize_t erofs_copy_file_range(int fd_in, u64 *off_in, int fd_out, u64 *off_out,
                              size_t length);
 int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
-                  struct erofs_vfile *vin, int len, bool noseek);
+                  struct erofs_vfile *vin, unsigned int len, bool noseek);
 
 #ifdef __cplusplus
 }
diff --git a/lib/io.c b/lib/io.c
index 91673213fc94fa20835e822f24db4dd89c858f32..4937db5fa4a1df8a2bc844202aba8efd42c8c21e 100644 (file)
--- a/lib/io.c
+++ b/lib/io.c
@@ -490,7 +490,7 @@ off_t erofs_io_lseek(struct erofs_vfile *vf, u64 offset, int whence)
 }
 
 int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
-                  struct erofs_vfile *vin, int len, bool noseek)
+                  struct erofs_vfile *vin, unsigned int len, bool noseek)
 {
        if (vout->ops)
                return vout->ops->xcopy(vout, pos, vin, len, noseek);
@@ -519,7 +519,7 @@ int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
 
        do {
                char buf[32768];
-               int ret = min_t(int, len, sizeof(buf));
+               int ret = min_t(unsigned int, len, sizeof(buf));
 
                ret = erofs_io_read(vin, buf, ret);
                if (ret < 0)
Domain: System / Kernel