________________________________________
From: kernel-janitors-owner@xxxxxxxxxxxxxxx <kernel-janitors-owner@xxxxxxxxxxxxxxx> on behalf of Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Sent: Saturday, 7 March 2020 07:08
To: Tigran A. Aivazian
Cc: linux-kernel@xxxxxxxxxxxxxxx; kernel-janitors@xxxxxxxxxxxxxxx
Subject: [PATCH] bfs: prevent underflow in bfs_find_entry()

We check if "namelen" is larger than BFS_NAMELEN but we don't check
if it's less than zero so it causes a static checker.

    fs/bfs/dir.c:346 bfs_find_entry() warn: no lower bound on 'namelen'

It's nicer to make it unsigned anyway.

Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
 fs/bfs/dir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c
index d8dfe3a0cb39..46a2663e5eb2 100644
--- a/fs/bfs/dir.c
+++ b/fs/bfs/dir.c
@@ -326,7 +326,7 @@ static struct buffer_head *bfs_find_entry(struct inode *dir,
 struct buffer_head *bh = NULL;
 struct bfs_dirent *de;
 const unsigned char *name = child->name;
- int namelen = child->len;
+ unsigned int namelen = child->len;
 *res_dir = NULL;
 if (namelen > BFS_NAMELEN)

hi Dan,
the namelen usage is fishy. It goes into bfs_namecmp() where it is checked for namelen < BFS_NAMELEN, leaving only the case ==.
bfs_namecmp() expects an int, so I would expect a warning.
Perhaps in this case it is better to change the if() into

    if ( namelen <= 0 || namelen >= BFS_NAMELEN)
        return NULL;

note: bfs_add_entry has the same "issue"

jm2c,
re,
 wh

--
2.11.0
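Review bot: the changed declaration `unsigned int namelen = child->len;` removes the lower-bound warning by changing the type only in bfs_find_entry(), and the commit message does not say whether child->len can actually be negative, so a reader cannot tell if this fixes a reachable underflow (as the subject line implies) or only quiets the checker. Please state the type of child->len in the changelog. The reply in this thread also points out that bfs_namecmp() expects an int and that bfs_add_entry() has the same pattern; if that holds, namelen is converted back to a signed value at the call and the same warning remains in the sibling function, so it would be cleaner to make the length unsigned along the whole path in one patch, or to explain why those two are left alone. Minor: "so it causes a static checker" in the commit message looks like it lost the word "warning".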