From: Arnd Bergmann <[email protected]>
The overflow check in xdr_stream_decode_uint32_array() was added for
32-bit systems, but on 64-bit builds it causes a build warning when
building with clang and W=1:
In file included from init/do_mounts.c:22:
include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
778 | if (len > SIZE_MAX / sizeof(*p))
Shut up the warning with a type cast.
Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
Signed-off-by: Arnd Bergmann <[email protected]>
---
include/linux/sunrpc/xdr.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index f89ec4b5ea169..6736121ee6a03 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
return -EBADMSG;
- if (len > SIZE_MAX / sizeof(*p))
+ if ((size_t)len > SIZE_MAX / sizeof(*p))
return -EBADMSG;
p = xdr_inline_decode(xdr, len * sizeof(*p));
if (unlikely(!p))
--
2.39.2
On Mon, Jul 03, 2023 at 01:37:22PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <[email protected]>
>
> The overflow check in xdr_stream_decode_uint32_array() was added for
> 32-bit systems, but on 64-bit builds it causes a build warning when
> building with clang and W=1:
>
> In file included from init/do_mounts.c:22:
> include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
> 778 | if (len > SIZE_MAX / sizeof(*p))
>
> Shut up the warning with a type cast.
>
> Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> include/linux/sunrpc/xdr.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
> index f89ec4b5ea169..6736121ee6a03 100644
> --- a/include/linux/sunrpc/xdr.h
> +++ b/include/linux/sunrpc/xdr.h
> @@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
>
> if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
> return -EBADMSG;
> - if (len > SIZE_MAX / sizeof(*p))
> + if ((size_t)len > SIZE_MAX / sizeof(*p))
> return -EBADMSG;
> p = xdr_inline_decode(xdr, len * sizeof(*p));
I sent a patch for this last week that takes a different approach.
https://lore.kernel.org/all/[email protected]/
I probably should have used a Fixes tag just for informational purposes.
regards,
dan carpenter
On Mon, Jul 3, 2023 at 5:42 AM Dan Carpenter <[email protected]> wrote:
>
> On Mon, Jul 03, 2023 at 01:37:22PM +0200, Arnd Bergmann wrote:
> > From: Arnd Bergmann <[email protected]>
> >
> > The overflow check in xdr_stream_decode_uint32_array() was added for
> > 32-bit systems, but on 64-bit builds it causes a build warning when
> > building with clang and W=1:
> >
> > In file included from init/do_mounts.c:22:
> > include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
> > 778 | if (len > SIZE_MAX / sizeof(*p))
> >
> > Shut up the warning with a type cast.
> >
> > Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
> > Signed-off-by: Arnd Bergmann <[email protected]>
> > ---
> > include/linux/sunrpc/xdr.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
> > index f89ec4b5ea169..6736121ee6a03 100644
> > --- a/include/linux/sunrpc/xdr.h
> > +++ b/include/linux/sunrpc/xdr.h
> > @@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
> >
> > if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
> > return -EBADMSG;
> > - if (len > SIZE_MAX / sizeof(*p))
> > + if ((size_t)len > SIZE_MAX / sizeof(*p))
> > return -EBADMSG;
> > p = xdr_inline_decode(xdr, len * sizeof(*p));
>
> I sent a patch for this last week that takes a different approach.
>
> https://lore.kernel.org/all/[email protected]/
>
> I probably should have used a Fixes tag just for informational purposes.
I have a slight preference for retaining the existing error handling
here, but am happy to have 2 fixes in hand rather than 0; thank you
both for your time looking at this.
Reviewed-by: Nick Desaulniers <[email protected]>
>
> regards,
> dan carpenter
>
--
Thanks,
~Nick Desaulniers