From 9cfa60d874e9a1da057677619a370409428ea3cf Mon Sep 17 00:00:00 2001 From: Vincent Fu Date: Thu, 8 Feb 2024 17:37:01 -0500 Subject: [PATCH] verify: fix potential overflow before widen vc->hdr_num and len are both 32 bits wide and their product will be a 32-bit result. So any overflow will be lost. Cast hdr_num to unsigned long long so that nothing is lost if the product overflows a 32-bit integer. This fixes the following issue reported by Coverity. ** CID 486274: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /verify.c: 347 in log_verify_failure() ________________________________________________________________________________________________________ *** CID 486274: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /verify.c: 347 in log_verify_failure() 341 uint32_t len; 342 struct thread_data *td = vc->td; 343 344 offset = vc->io_u->verify_offset; 345 if (td->o.verify != VERIFY_PATTERN_NO_HDR) { 346 len = hdr->len; >>> CID 486274: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "vc->hdr_num * len" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "unsigned long long" (64 bits, unsigned). 347 offset += vc->hdr_num * len; 348 } else { 349 len = vc->io_u->buflen; 350 } 351 352 log_err("%.8s: verify failed at file %s offset %llu, length %u" Fixes: 9c8b90ae ("fix wrong offset for VERIFY_PATTERN_NO_HDR") Signed-off-by: Vincent Fu --- verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verify.c b/verify.c index 3e029443..b438eed6 100644 --- a/verify.c +++ b/verify.c @@ -344,7 +344,7 @@ static void log_verify_failure(struct verify_header *hdr, struct vcont *vc) offset = vc->io_u->verify_offset; if (td->o.verify != VERIFY_PATTERN_NO_HDR) { len = hdr->len; - offset += vc->hdr_num * len; + offset += (unsigned long long) vc->hdr_num * len; } else { len = vc->io_u->buflen; } -- 2.25.1