summaryrefslogtreecommitdiff
path: root/fs/btrfs/send.c
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2016-04-13 09:40:59 +0300
committerDavid Sterba <dsterba@suse.com>2016-05-06 15:22:49 +0200
commitf5ecec3ce21f706e9e7a330b2e8e5a2941927b46 (patch)
tree8f165eaa2ec88ddbd6ed769345523484ad8ca5ce /fs/btrfs/send.c
parent41b34accb265e3a20211a7a8ef3625678f1c6ec7 (diff)
btrfs: send: silence an integer overflow warning
The "sizeof(*arg->clone_sources) * arg->clone_sources_count" expression can overflow. It causes several static checker warnings. It's all under CAP_SYS_ADMIN so it's not that serious but lets silence the warnings. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/btrfs/send.c')
-rw-r--r--fs/btrfs/send.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index 8d358c547c59..ec433795fa71 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -5978,6 +5978,12 @@ long btrfs_ioctl_send(struct file *mnt_file, void __user *arg_)
goto out;
}
+ if (arg->clone_sources_count >
+ ULLONG_MAX / sizeof(*arg->clone_sources)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
if (!access_ok(VERIFY_READ, arg->clone_sources,
sizeof(*arg->clone_sources) *
arg->clone_sources_count)) {