btrfs: send: silence an integer overflow warning
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 13 Apr 2016 06:40:59 +0000 (09:40 +0300)
committerDavid Sterba <dsterba@suse.com>
Fri, 6 May 2016 13:22:49 +0000 (15:22 +0200)
The "sizeof(*arg->clone_sources) * arg->clone_sources_count" expression
can overflow.  It causes several static checker warnings.  It's all
under CAP_SYS_ADMIN so it's not that serious but lets silence the
warnings.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/send.c

index 8d358c547c59fd8d010d27cf1180a04d51be5fe5..ec433795fa71ad7f3fd052584ebaa2bbcc2a8e7f 100644 (file)
@@ -5978,6 +5978,12 @@ long btrfs_ioctl_send(struct file *mnt_file, void __user *arg_)
                goto out;
        }
 
+       if (arg->clone_sources_count >
+           ULLONG_MAX / sizeof(*arg->clone_sources)) {
+               ret = -EINVAL;
+               goto out;
+       }
+
        if (!access_ok(VERIFY_READ, arg->clone_sources,
                        sizeof(*arg->clone_sources) *
                        arg->clone_sources_count)) {