[PATCH] xfs: check for negatives in xfs_exchange_range_checks()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The fxr->file1_offset and fxr->file2_offset variables come from the user
in xfs_ioc_exchange_range().  They are size loff_t which is an s64.
Check the they aren't negative.

Fixes: 9a64d9b3109d ("xfs: introduce new file range exchange ioctl")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
>From static analysis.  Untested.  Sorry!

 fs/xfs/xfs_exchrange.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/xfs/xfs_exchrange.c b/fs/xfs/xfs_exchrange.c
index c8a655c92c92..3465e152d928 100644
--- a/fs/xfs/xfs_exchrange.c
+++ b/fs/xfs/xfs_exchrange.c
@@ -337,6 +337,9 @@ xfs_exchange_range_checks(
 	if (IS_SWAPFILE(inode1) || IS_SWAPFILE(inode2))
 		return -ETXTBSY;
 
+	if (fxr->file1_offset < 0 || fxr->file2_offset < 0)
+		return -EINVAL;
+
 	size1 = i_size_read(inode1);
 	size2 = i_size_read(inode2);
 
-- 
2.43.0





[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux