[PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap

Thu Nov 11 12:55:27 AEDT 2021

When using --chunksize, partitions greater than 2GiB can fail to build
due to integer overflow in erofs_blob_remap.

Signed-off-by: David Anderson <dvander at google.com>
---
 include/erofs/io.h |  6 +++---
 lib/blobchunk.c    |  2 +-
 lib/io.c           | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/erofs/io.h b/include/erofs/io.h
index 2597c5c..9d73adc 100644
--- a/include/erofs/io.h
+++ b/include/erofs/io.h
@@ -27,9 +27,9 @@ u64 dev_length(void);
 
 extern int erofs_devfd;
 
-int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
-                          int fd_out, erofs_off_t *off_out,
-                          size_t length);
+ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+			      int fd_out, erofs_off_t *off_out,
+			      size_t length);
 
 static inline int blk_write(const void *buf, erofs_blk_t blkaddr,
 			    u32 nblocks)
diff --git a/lib/blobchunk.c b/lib/blobchunk.c
index 661c5d0..a0ff79c 100644
--- a/lib/blobchunk.c
+++ b/lib/blobchunk.c
@@ -179,7 +179,7 @@ int erofs_blob_remap(void)
 	struct erofs_buffer_head *bh;
 	ssize_t length;
 	erofs_off_t pos_in, pos_out;
-	int ret;
+	ssize_t ret;
 
 	fflush(blobfile);
 	length = ftell(blobfile);
diff --git a/lib/io.c b/lib/io.c
index cfc062d..279c7dd 100644
--- a/lib/io.c
+++ b/lib/io.c
@@ -259,9 +259,9 @@ int dev_read(void *buf, u64 offset, size_t len)
 	return 0;
 }
 
-static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
-				   int fd_out, erofs_off_t *off_out,
-				   size_t length)
+static ssize_t __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+				       int fd_out, erofs_off_t *off_out,
+				       size_t length)
 {
 	size_t copied = 0;
 	char buf[8192];
@@ -331,9 +331,9 @@ static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
 	return copied;
 }
 
-int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
-			  int fd_out, erofs_off_t *off_out,
-			  size_t length)
+ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
+			      int fd_out, erofs_off_t *off_out,
+			      size_t length)
 {
 #ifdef HAVE_COPY_FILE_RANGE
 	off64_t off64_in = *off_in, off64_out = *off_out;
-- 
2.34.0.rc0.344.g81b53c2807-goog

