ceph: fix overflow check in build_snap_context()

The overflow check for a + n * b should be (n > (ULONG_MAX - a) / b), rather than (n > ULONG_MAX / b - a). Signed-off-by: N Xi Wang <xi.wang@gmail.com> Signed-off-by: N Sage Weil <sage@newdream.net>

ceph: fix overflow check in build_snap_context()
The overflow check for a + n * b should be (n > (ULONG_MAX - a) / b), rather than (n > ULONG_MAX / b - a). Signed-off-by: N Xi Wang <xi.wang@gmail.com> Signed-off-by: N Sage Weil <sage@newdream.net>
80834312 · Xi Wang · Alex Elder · 64486697 · 80834312
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

fs/ceph/snap.c fs/ceph/snap.c +1 -1

未找到文件。
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
 	/* alloc new snap context */
 	err = -ENOMEM;
-	if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc))
+	if (num > (ULONG_MAX - sizeof(*snapc)) / sizeof(u64))
 		goto fail;
 	snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
 	if (!snapc)