[PATCH] erofs-utils: lib: fix potential overflow issue

Gao Xiang hsiangkao at linux.alibaba.com
Tue Aug 6 11:58:24 AEST 2024


Hi Sandeep,

On 2024/8/6 02:39, Sandeep Dhavale via Linux-erofs wrote:
> On Sun, Aug 4, 2024 at 8:25 PM Hongzhen Luo <hongzhen at linux.alibaba.com> wrote:
>>
>> Coverity-id: 502377
>>
>> Signed-off-by: Hongzhen Luo <hongzhen at linux.alibaba.com>
>> ---
>>   lib/kite_deflate.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/kite_deflate.c b/lib/kite_deflate.c
>> index a5ebd66..e52e382 100644
>> --- a/lib/kite_deflate.c
>> +++ b/lib/kite_deflate.c
>> @@ -817,7 +817,8 @@ static const struct kite_matchfinder_cfg {
>>   /* 9 */ {32, 258, 258, 4096, true},    /* maximum compression */
>>   };
>>
>> -static int kite_mf_init(struct kite_matchfinder *mf, int wsiz, int level)
>> +static int kite_mf_init(struct kite_matchfinder *mf, unsigned int wsiz,
>> +                       int level)
>>   {
>>          const struct kite_matchfinder_cfg *cfg;
>>
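Review bot: the changed kite_mf_init() signature is the only code change here, and the commit message carries nothing but the Coverity id, so the patch does not say which expression can overflow. Please add a sentence to the commit message naming the expression Coverity flagged and explaining why making wsiz an unsigned int addresses it. Since the hunk does not show the callers, it would also help to confirm that they pass an unsigned value, so the conversion is not simply moved to the call site.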
>> --
>> 2.43.5
>>
> 
> Hi Hongzhen,
> Can you please explain to me where the potential overflow is? Checkers
> can be smart, so it is easy for me to miss.
> I see the check below in kite_mf_init()
> 
>      if (wsiz > kHistorySize32 || (1 << ilog2(wsiz)) != wsiz)
>            return -EINVAL;
> 
> So any larger value than kHistorySize32 which is (1U << 15) is already
> rejected. So what overflow case is this int => unsigned int type
> conversion solving?

The latest coverity scan can be found at:
https://scan.coverity.com/projects/erofs-erofs-utils

If you're interested in the result details, I could send a coverity
membership invitation to you so that you could find more comments
on the website.

Since coverity reports are important for several vendors, if it's
not quite insane, maybe we need to address it anyway.

Thanks,
Gao Xiang

> 
> Thanks,
> Sandeep.

