The snap_names_len field of an rbd_image_header structure is defined with type size_t. That field is used as both the source and target of 64-bit byte-order swapping operations though, so it's best to define it with type u64 instead. Signed-off-by: Alex Elder <elder@xxxxxxxxxxx> --- drivers/block/rbd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: b/drivers/block/rbd.c =================================================================== --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -81,7 +81,7 @@ struct rbd_image_header { __u8 crypt_type; __u8 comp_type; struct ceph_snap_context *snapc; - size_t snap_names_len; + u64 snap_names_len; u32 total_snaps; char *snap_names; @@ -511,6 +511,7 @@ static int rbd_header_from_disk(struct r if (snap_count) { header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); + BUG_ON(header->snap_names_len > (u64) SIZE_MAX); header->snap_names = kmalloc(header->snap_names_len, GFP_KERNEL); if (!header->snap_names)
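
Review bot: with snap_names_len widened to u64 in struct rbd_image_header, every use that hands it to a size_t parameter now narrows implicitly on 32-bit builds. The kmalloc(header->snap_names_len, GFP_KERNEL) call in rbd_header_from_disk() is one such use and gets a guard in this patch, but any other reader of the field needs the same range check or an explicit, checked conversion. A one-line comment on the field saying it mirrors the 64-bit on-disk value would make that expectation visible to later callers.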
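
Review bot: the BUG_ON() added in rbd_header_from_disk() fires on a value taken directly from ondisk->snap_names_len, so a corrupt or hostile image header can halt a 32-bit kernel instead of just failing the header read. Prefer an error return at that point (for example -EIO, after whatever cleanup this function's error path needs); the code already checks for kmalloc() failure on the next line, so a recoverable failure path exists here. On 64-bit builds the comparison against (u64) SIZE_MAX can never be true, which leaves kmalloc() failing as the only bound on the on-disk length, so an explicit sanity limit on snap_names_len would be worth adding alongside the error return.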