[ndctl,v2,1/5] ndctl/namespace: avoid integer overflow in namespace validation

Message ID 1b3cc602d61a1b0a5383a481452d216331e3477e.1741304303.git.alison.schofield@intel.com (mailing list archive)
State New
Series Address Coverity Scan Defects

Commit Message

Alison Schofield March 6, 2025, 11:50 p.m. UTC
From: Alison Schofield <alison.schofield@intel.com>

A Coverity scan highlighted an integer overflow issue when testing
if the size and align parameters make sense together.

Before performing the multiplication, check that the result will not
exceed the maximum value that an unsigned long long can hold.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/namespace.c | 7 +++++++
 1 file changed, 7 insertions(+)
Patch

diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index aa8c23a50385..372fc3747c88 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -868,6 +868,13 @@  static int validate_namespace_options(struct ndctl_region *region,
 
 		p->size /= size_align;
 		p->size++;
+
+		if (p->size > ULLONG_MAX / size_align) {
+			err("size overflow: %llu * %llu exceeds ULLONG_MAX\n",
+			    p->size, size_align);
+			return -EINVAL;
+		}
+
 		p->size *= size_align;
 		p->size /= units;
 		err("'--size=' must align to interleave-width: %d and alignment: %ld\n"
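
Review bot: The err() call in the new overflow branch prints p->size after it has already gone through `p->size /= size_align;` and `p->size++;`, so the user sees a count of alignment units rather than the --size value they passed. Consider saving the requested size before the division and reporting that, or rewording the message to say the size cannot be rounded up to the alignment without overflowing. The guard itself, `p->size > ULLONG_MAX / size_align` placed ahead of `p->size *= size_align;`, is the correct form for an unsigned multiply. Two things the hunk does not show and that are worth confirming: that <limits.h> is in scope for ULLONG_MAX, and that both arguments really are unsigned long long to match %llu, since the err() that follows formats an alignment value with %ld.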