[PATCH] erofs-utils: lib: fix potential overflow issue
Sandeep Dhavale
dhavale at google.com
Tue Aug 6 04:39:50 AEST 2024
On Sun, Aug 4, 2024 at 8:25 PM Hongzhen Luo <hongzhen at linux.alibaba.com> wrote:
>
> Coverity-id: 502377
>
> Signed-off-by: Hongzhen Luo <hongzhen at linux.alibaba.com>
> ---
> lib/kite_deflate.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/lib/kite_deflate.c b/lib/kite_deflate.c
> index a5ebd66..e52e382 100644
> --- a/lib/kite_deflate.c
> +++ b/lib/kite_deflate.c
> @@ -817,7 +817,8 @@ static const struct kite_matchfinder_cfg {
> /* 9 */ {32, 258, 258, 4096, true}, /* maximum compression */
> };
>
> -static int kite_mf_init(struct kite_matchfinder *mf, int wsiz, int level)
> +static int kite_mf_init(struct kite_matchfinder *mf, unsigned int wsiz,
> + int level)
> {
> const struct kite_matchfinder_cfg *cfg;
>
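Review bot: the commit message carries only a Coverity id, and the one changed line, the kite_mf_init() prototype going from `int wsiz` to `unsigned int wsiz`, does not show which expression can overflow. Please name the flagged expression and the input that triggers it in the changelog, and say whether the callers already pass an unsigned window size; a type change with no stated failing case is hard to review and to backport.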
> --
> 2.43.5
>
Hi Hongzhen,
Can you please explain to me where the potential overflow is? Checkers
can be smart, so it is easy for me to miss.
I see the below check in kite_mf_init():
	if (wsiz > kHistorySize32 || (1 << ilog2(wsiz)) != wsiz)
		return -EINVAL;
So any value larger than kHistorySize32, which is (1U << 15), is already
rejected. So what overflow case is this int => unsigned int type
conversion solving?
Thanks,
Sandeep.
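
The range check quoted in the reply above, run with both parameter types over constructed boundary values. This is an added example, not erofs-utils code: `ilog2_u` and the function names are hypothetical stand-ins, and `kHistorySize32` uses the value given in the reply.

```c
#include <errno.h>
#include <limits.h>

/* Value as given in the reply; all other names here are stand-ins. */
#define kHistorySize32 (1U << 15)

/* Hypothetical ilog2: floor(log2(v)) for v > 0, and 0 for v == 0. */
static int ilog2_u(unsigned int v)
{
	int n = 0;
	while (v >>= 1)
		n++;
	return n;
}

/* The quoted check with the pre-patch parameter type. */
static int check_wsiz_int(int wsiz)
{
	/* int vs unsigned: a negative wsiz converts to a huge value here. */
	if (wsiz > kHistorySize32 || (1 << ilog2_u(wsiz)) != wsiz)
		return -EINVAL;
	return 0;
}

/* The same check with the post-patch parameter type. */
static int check_wsiz_uint(unsigned int wsiz)
{
	if (wsiz > kHistorySize32 || (1 << ilog2_u(wsiz)) != wsiz)
		return -EINVAL;
	return 0;
}

/* Count constructed boundary values where the two signatures disagree. */
static int count_disagreements(void)
{
	static const int samples[] = { INT_MIN, -1, 0, 1, 3, 4096,
				       32768, 32769, 65536, INT_MAX };
	int i, bad = 0;
	for (i = 0; i < (int)(sizeof(samples) / sizeof(samples[0])); i++)
		bad += check_wsiz_int(samples[i]) !=
		       check_wsiz_uint((unsigned int)samples[i]);
	return bad;
}

int main(void)
{
	return count_disagreements();
}
```

The first comparison short-circuits for every value above 1U << 15, so the largest shift count that is ever evaluated in either variant is 15.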