From: Martin Wilck <mwilck@xxxxxxxx>
For an int n, it's possible that n > 0 and (26 * n) > 0, but
and still 26 * n overflows the int.
E.g. n = 0x0ec4ec4e; 26 * n = 0x17fffffec, truncated to 32 bit
yields 0x7fffffec, which is > 0.
And anyway, relying on a signed int overflow to detect a problem
is wrong, as the result of such operations is undefined in C.
Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
---
libmultipath/alias.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libmultipath/alias.c b/libmultipath/alias.c
index 0fb206d1..a96ba5cc 100644
--- a/libmultipath/alias.c
+++ b/libmultipath/alias.c
@@ -77,6 +77,7 @@ scan_devname(const char *alias, const char *prefix)
{
const char *c;
int i, n = 0;
+ static const int last_26 = INT_MAX / 26;
if (!prefix || strncmp(alias, prefix, strlen(prefix)))
return -1;
@@ -93,9 +94,9 @@ scan_devname(const char *alias, const char *prefix)
if (*c < 'a' || *c > 'z')
return -1;
i = *c - 'a';
- n = ( n * 26 ) + i;
- if (n < 0)
+ if (n > last_26 || (n == last_26 && i >= INT_MAX % 26))
return -1;
+ n = n * 26 + i;
c++;
n++;
}
--
2.23.0
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
