LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Walter Harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>,
	"Tigran A. Aivazian" <aivazian.tigran@gmail.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"kernel-janitors@vger.kernel.org"
	<kernel-janitors@vger.kernel.org>
Subject: AW: [PATCH] bfs: prevent underflow in bfs_find_entry()
Date: Mon, 9 Mar 2020 08:40:28 +0000	[thread overview]
Message-ID: <ba294b1d861142ca8f7b204356009dd0@bfs.de> (raw)
In-Reply-To: <20200307060808.6nfyqnp2woq7d3cv@kili.mountain>


________________________________________
Von: kernel-janitors-owner@vger.kernel.org <kernel-janitors-owner@vger.kernel.org> im Auftrag von Dan Carpenter <dan.carpenter@oracle.com>
Gesendet: Samstag, 7. März 2020 07:08
An: Tigran A. Aivazian
Cc: linux-kernel@vger.kernel.org; kernel-janitors@vger.kernel.org
Betreff: [PATCH] bfs: prevent underflow in bfs_find_entry()

We check if "namelen" is larger than BFS_NAMELEN but we don't check
if it's less than zero so it causes a static checker.

    fs/bfs/dir.c:346 bfs_find_entry() warn: no lower bound on 'namelen'

It's nicer to make it unsigned anyway.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 fs/bfs/dir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c
index d8dfe3a0cb39..46a2663e5eb2 100644
--- a/fs/bfs/dir.c
+++ b/fs/bfs/dir.c
@@ -326,7 +326,7 @@ static struct buffer_head *bfs_find_entry(struct inode *dir,
        struct buffer_head *bh = NULL;
        struct bfs_dirent *de;
        const unsigned char *name = child->name;
-       int namelen = child->len;
+       unsigned int namelen = child->len;

        *res_dir = NULL;
        if (namelen > BFS_NAMELEN)

hi Dan,
the namelen usage is fishy. It goes into bfs_namecmp()
where it is checked for namelen < BFS_NAMELEN, leaving
only the case ==.
bfs_namecmp() expects an int, so i would expect a warning.
Perhaps in this case it is better to change the if() into

if ( namelen <= 0 ||  namelen >= BFS_NAMELEN)
 return NULL;

note:  bfs_add_entry has the same "issue"

jm2c,
re,
 wh

--
2.11.0


  reply	other threads:[~2020-03-09  8:40 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-07  6:08 Dan Carpenter
2020-03-09  8:40 ` Walter Harms [this message]
2020-03-10  9:06   ` Dan Carpenter
2020-03-10 17:57     ` AW: " Walter Harms
2020-03-10 18:22       ` Tigran Aivazian
2020-03-09  9:14 ` Tigran Aivazian
2020-03-10  8:38   ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ba294b1d861142ca8f7b204356009dd0@bfs.de \
    --to=wharms@bfs.de \
    --cc=aivazian.tigran@gmail.com \
    --cc=dan.carpenter@oracle.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --subject='Re: AW: [PATCH] bfs: prevent underflow in bfs_find_entry()' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).