[9/8] xfs_io: fix integer over/underflow handling in timespec_from_string

Commit Message

Darrick J. Wong Jan. 28, 2020, 3:56 p.m. UTC

From: Darrick J. Wong <darrick.wong@oracle.com>

When we're filling out the struct timespec, make sure we detect when the
string value cannot be represented by a (potentially 32-bit) seconds
field in struct timespec.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 libxcmd/input.c |   23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

Comments

Christoph Hellwig Jan. 30, 2020, 6:18 p.m. UTC | #1

On Tue, Jan 28, 2020 at 07:56:48AM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> When we're filling out the struct timespec, make sure we detect when the
> string value cannot be represented by a (potentially 32-bit) seconds
> field in struct timespec.

Looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>

Patch

diff --git a/libxcmd/input.c b/libxcmd/input.c
index d232d4f3..137856e3 100644
--- a/libxcmd/input.c
+++ b/libxcmd/input.c
@@ -183,19 +183,30 @@  timestr(
 
 int
 timespec_from_string(
-	const char	* secs,
-	const char	* nsecs,
-	struct timespec	* ts)
+	const char		*secs,
+	const char		*nsecs,
+	struct timespec		*ts)
 {
-	char* p;
+	char			*p;
+	unsigned long long int	ll;
+
 	if (!secs || !nsecs || !ts)
 		return 1;
-	ts->tv_sec = strtoull(secs, &p, 0);
+
+	ll = strtoull(secs, &p, 0);
 	if (*p)
 		return 1;
-	ts->tv_nsec = strtoull(nsecs, &p, 0);
+	ts->tv_sec = ll;
+	if ((unsigned long long int)ts->tv_sec != ll)
+		return 1;
+
+	ll = strtoull(nsecs, &p, 0);
 	if (*p)
 		return 1;
+	ts->tv_nsec = ll;
+	if ((unsigned long long int)ts->tv_nsec != ll)
+		return 1;
+
 	return 0;
 }