[PATCH 2/3] erofs-utils: lib: fix out-of-bounds in erofs_io_xcopy()

Gao Xiang hsiangkao at linux.alibaba.com
Fri Aug 2 11:55:26 AEST 2024


Coverity-id: 502334
Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
---
 include/erofs/io.h | 4 ++--
 lib/io.c           | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/erofs/io.h b/include/erofs/io.h
index f53abed..d9b33d2 100644
--- a/include/erofs/io.h
+++ b/include/erofs/io.h
@@ -34,7 +34,7 @@ struct erofs_vfops {
 	off_t (*lseek)(struct erofs_vfile *vf, u64 offset, int whence);
 	int (*fstat)(struct erofs_vfile *vf, struct stat *buf);
 	int (*xcopy)(struct erofs_vfile *vout, off_t pos,
-		     struct erofs_vfile *vin, int len, bool noseek);
+		     struct erofs_vfile *vin, unsigned int len, bool noseek);
 };
 
 /* don't extend this; instead, use payload for any extra information */
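Review bot: The `xcopy` member of `struct erofs_vfops` changes its function-pointer type here, yet the diffstat lists only `include/erofs/io.h` and `lib/io.c`, so any `.xcopy` implementation defined in another file would still take `int len` and no longer match the member. It is worth confirming that every ops table in the tree was updated, because calling through a mismatched function-pointer type is undefined behaviour. The member also has no comment on its contract; a line such as `/* len: byte count, unsigned; implementations must not treat it as signed */` above it would help, and the same applies to the `erofs_io_xcopy()` prototype in the next hunk.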
@@ -61,7 +61,7 @@ off_t erofs_io_lseek(struct erofs_vfile *vf, u64 offset, int whence);
 ssize_t erofs_copy_file_range(int fd_in, u64 *off_in, int fd_out, u64 *off_out,
 			      size_t length);
 int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
-		   struct erofs_vfile *vin, int len, bool noseek);
+		   struct erofs_vfile *vin, unsigned int len, bool noseek);
 
 #ifdef __cplusplus
 }
diff --git a/lib/io.c b/lib/io.c
index 9167321..4937db5 100644
--- a/lib/io.c
+++ b/lib/io.c
@@ -490,7 +490,7 @@ off_t erofs_io_lseek(struct erofs_vfile *vf, u64 offset, int whence)
 }
 
 int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
-		   struct erofs_vfile *vin, int len, bool noseek)
+		   struct erofs_vfile *vin, unsigned int len, bool noseek)
 {
 	if (vout->ops)
 		return vout->ops->xcopy(vout, pos, vin, len, noseek);
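Review bot: Nothing on `erofs_io_xcopy()` documents what happens to a caller that still holds the length in a signed or 64-bit variable. With the `unsigned int len` parameter a negative value is converted to a count near 4 GiB and a value above `UINT_MAX` is truncated, both silently, before the call is forwarded to `vout->ops->xcopy`. I would add a header comment stating that `len` is a byte count no larger than `UINT_MAX` and that callers with wider lengths must split the copy themselves. Whether any existing caller is affected cannot be seen from this hunk, and the function body continues outside it.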
@@ -519,7 +519,7 @@ int erofs_io_xcopy(struct erofs_vfile *vout, off_t pos,
 
 	do {
 		char buf[32768];
-		int ret = min_t(int, len, sizeof(buf));
+		int ret = min_t(unsigned int, len, sizeof(buf));
 
 		ret = erofs_io_read(vin, buf, ret);
 		if (ret < 0)
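Review bot: On the `min_t` line the unsigned result is stored straight into the signed `ret`, which is safe only because `sizeof(buf)` is 32768, and `ret` is then reused for the read result. Keeping the requested size and the signed return value in separate variables makes the bound explicit: `unsigned int chunk = min_t(unsigned int, len, sizeof(buf));` followed by `int ret = erofs_io_read(vin, buf, chunk);`. The loop continues outside the hunk, so how `len` is decremented and how a zero-byte read is handled are not visible here.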
-- 
2.43.5


