Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ceph: fix overflowed constant issue in ceph_do_objects_copy()

The Coverity Scan service has detected an overflowed constant
issue in ceph_do_objects_copy() [1]. The CID 1624308
defect contains explanation: "The overflowed value due to
arithmetic on constants is too small or unexpectedly
negative, causing incorrect computations. Expression bytes,
which is equal to -95, where ret is known to be equal to -95,
underflows the type that receives it, an unsigned integer
64 bits wide. In ceph_do_objects_copy: Integer overflow occurs
in arithmetic on constant operands (CWE-190)".

The patch changes the type of the bytes variable from size_t
to ssize_t so that it is capable of receiving
negative values.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1624308

Signed-off-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

authored by Viacheslav Dubeyko and committed by Ilya Dryomov
5b2d1377 1ed4471a

+2 -2
fs/ceph/file.c
··· 2880 2880 struct ceph_object_id src_oid, dst_oid; 2881 2881 struct ceph_osd_client *osdc; 2882 2882 struct ceph_osd_request *req; 2883 - size_t bytes = 0; 2883 + ssize_t bytes = 0; 2884 2884 u64 src_objnum, src_objoff, dst_objnum, dst_objoff; 2885 2885 u32 src_objlen, dst_objlen; 2886 2886 u32 object_size = src_ci->i_layout.object_size; ··· 2930 2930 "OSDs don't support copy-from2; disabling copy offload\n"); 2931 2931 } 2932 2932 doutc(cl, "returned %d\n", ret); 2933 - if (!bytes) 2933 + if (bytes <= 0) 2934 2934 bytes = ret; 2935 2935 goto out; 2936 2936 }
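Review bot: in the declaration hunk (line 2883), `ssize_t bytes` now sits next to unsigned locals such as `u64 src_objoff` and `u32 object_size`, so any expression elsewhere in the function that mixes bytes with a `u64` will convert it back to unsigned and lose the sign this change is meant to preserve. The hunk shows neither those uses nor the function's return type; please confirm the return type is signed and that no remaining comparison or addition involves bytes and a `u64` while bytes can hold a negative error code.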
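Review bot: in the error-path hunk (line 2933), `if (bytes <= 0)` does more than the type change requires, because it also replaces an already-negative bytes with ret. If bytes can only be zero or a positive count when this path is reached, `if (!bytes)` stays correct with the signed type and states that invariant more clearly; if a negative value can reach this point, add a one-line comment saying that the latest error in ret is meant to win. Since ret is printed with `%d` just above, the assignment `bytes = ret` is the place where the -95 from the commit message ends up, so a brief note there on the intended return value would also help.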