Commit 80834312 authored by Xi Wang's avatar Xi Wang Committed by Alex Elder

ceph: fix overflow check in build_snap_context()

The overflow check for a + n * b should be (n > (ULONG_MAX - a) / b),
rather than (n > ULONG_MAX / b - a).
Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
Signed-off-by: default avatarSage Weil <sage@newdream.net>
parent 64486697
...@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm) ...@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
/* alloc new snap context */ /* alloc new snap context */
err = -ENOMEM; err = -ENOMEM;
if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc)) if (num > (ULONG_MAX - sizeof(*snapc)) / sizeof(u64))
goto fail; goto fail;
snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS); snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
if (!snapc) if (!snapc)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment