zonefs: handle integer overflow in zonefs_fname_to_fno

In zonefs the file name in one of the two directories corresponds to the
zone number.

Here Alexey reported a possible integer overflow in zonefs_fname_to_fno(),
where the parsing of the zone number from the file name can overflow the
'long' data type.

Add a check for integer overflows and if the fno 'long' did overflow
return -ENOENT.

Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Fixes: d207794aba ("zonefs: Dynamically create file inodes when needed")
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
This commit is contained in:
Johannes Thumshirn 2026-04-29 22:58:15 +02:00 committed by Damien Le Moal
parent 5d6919055d
commit 3a8389d42b

@ -610,10 +610,14 @@ static long zonefs_fname_to_fno(const struct qstr *fname)
return c - '0';
for (i = 0, rname = name + len - 1; i < len; i++, rname--) {
long digit;
c = *rname;
if (!isdigit(c))
return -ENOENT;
fno += (c - '0') * shift;
digit = (c - '0') * shift;
if (check_add_overflow(fno, digit, &fno))
return -ENOENT;
shift *= 10;
}
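
Review bot: the multiplication in `digit = (c - '0') * shift;` and the later `shift *= 10;` are still unchecked, so only the final addition goes through check_add_overflow(). Assuming shift is a long like fno and digit, a name with enough digits overflows shift itself before the addition is tested, and the wrapped product can then pass the addition check and yield a bogus but in-range file number. Consider check_mul_overflow() for both multiplications, or rejecting names whose len exceeds the decimal width of the largest valid zone number before entering the loop. A short comment on why overflow maps to -ENOENT (no such file can exist) would also help the next reader.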