forked from luck/tmp_suning_uos_patched
dm raid: fix a couple integer overflows
My static checker complains that if "num_raid_params" is UINT_MAX then the "if (num_raid_params + 1 > argc) {" check doesn't work as intended. The other change is that I moved the "if (argc != (num_raid_devs * 2))" condition forward a few lines so it was before the call to context_alloc(). If we had an integer overflow inside that function then it would lead to an immediate crash. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
This commit is contained in:
parent
65803c2059
commit
3ca5a21a9c
@ -1243,7 +1243,7 @@ static int raid_ctr(struct dm_target *ti, unsigned argc, char **argv)
|
||||
argv++;
|
||||
|
||||
/* Skip over RAID params for now and find out # of devices */
|
||||
if (num_raid_params + 1 > argc) {
|
||||
if (num_raid_params >= argc) {
|
||||
ti->error = "Arguments do not agree with counts given";
|
||||
return -EINVAL;
|
||||
}
|
||||
@ -1254,6 +1254,12 @@ static int raid_ctr(struct dm_target *ti, unsigned argc, char **argv)
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
argc -= num_raid_params + 1; /* +1: we already have num_raid_devs */
|
||||
if (argc != (num_raid_devs * 2)) {
|
||||
ti->error = "Supplied RAID devices does not match the count given";
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
rs = context_alloc(ti, rt, (unsigned)num_raid_devs);
|
||||
if (IS_ERR(rs))
|
||||
return PTR_ERR(rs);
|
||||
@ -1262,16 +1268,8 @@ static int raid_ctr(struct dm_target *ti, unsigned argc, char **argv)
|
||||
if (ret)
|
||||
goto bad;
|
||||
|
||||
ret = -EINVAL;
|
||||
|
||||
argc -= num_raid_params + 1; /* +1: we already have num_raid_devs */
|
||||
argv += num_raid_params + 1;
|
||||
|
||||
if (argc != (num_raid_devs * 2)) {
|
||||
ti->error = "Supplied RAID devices does not match the count given";
|
||||
goto bad;
|
||||
}
|
||||
|
||||
ret = dev_parms(rs, argv);
|
||||
if (ret)
|
||||
goto bad;
|
||||
|
Loading…
Reference in New Issue
Block a user