authorDan Carpenter2016-04-13 08:40:59 +0200
committerDavid Sterba2016-05-06 15:22:49 +0200
commitf5ecec3ce21f706e9e7a330b2e8e5a2941927b46 (patch)
tree8f165eaa2ec88ddbd6ed769345523484ad8ca5ce /fs/btrfs/send.c
parentbtrfs: avoid overflowing f_bfree (diff)
downloadkernel-qcow2-linux-f5ecec3ce21f706e9e7a330b2e8e5a2941927b46.tar.gz
kernel-qcow2-linux-f5ecec3ce21f706e9e7a330b2e8e5a2941927b46.tar.xz
kernel-qcow2-linux-f5ecec3ce21f706e9e7a330b2e8e5a2941927b46.zip
btrfs: send: silence an integer overflow warning
The "sizeof(*arg->clone_sources) * arg->clone_sources_count" expression can overflow. It causes several static checker warnings. It's all under CAP_SYS_ADMIN so it's not that serious, but let's silence the warnings. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/btrfs/send.c')
-rw-r--r--fs/btrfs/send.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index 8d358c547c59..ec433795fa71 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -5978,6 +5978,12 @@ long btrfs_ioctl_send(struct file *mnt_file, void __user *arg_)
goto out;
}
+ if (arg->clone_sources_count >
+ ULLONG_MAX / sizeof(*arg->clone_sources)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
if (!access_ok(VERIFY_READ, arg->clone_sources,
sizeof(*arg->clone_sources) *
arg->clone_sources_count)) {
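Review bot: The added guard compares `arg->clone_sources_count` with `ULLONG_MAX / sizeof(*arg->clone_sources)`, which only proves the product fits in 64 bits; the product is then passed to access_ok(), whose size argument is, as far as I know, an unsigned long, so on a 32-bit build a count that passes this check could still be truncated before the range is validated. Bounding against the narrower type, `if (arg->clone_sources_count > ULONG_MAX / sizeof(*arg->clone_sources)) {`, would cover both word sizes. A one-line comment such as `/* reject counts whose byte size would overflow the access_ok() length */` would also record why the check sits here. Any allocation or copy later in btrfs_ioctl_send that is sized from clone_sources_count is outside this hunk and should be confirmed to respect the same bound.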