Re: [PATCH] erofs-utils: mkfs: fix integer overflow in erofs_blob_remap

Wed, 10 Nov 2021 18:12:15 -0800 

Hi David,

On Thu, Nov 11, 2021 at 01:55:27AM +0000, David Anderson via Linux-erofs wrote:
> When using --chunksize, partitions greater than 2GiB can fail to build
> due to integer overflow in erofs_blob_remap.
> 
> Signed-off-by: David Anderson <[email protected]>

Thanks for the report! good catch! Will apply this later.

Reviewed-by: Gao Xiang <[email protected]>

(however, I think it needs several loops for 32-bit platforms.
 I will fix it later...)

Thanks,
Gao Xiang

> ---
>  include/erofs/io.h |  6 +++---
>  lib/blobchunk.c    |  2 +-
>  lib/io.c           | 12 ++++++------
>  3 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/include/erofs/io.h b/include/erofs/io.h
> index 2597c5c..9d73adc 100644
> --- a/include/erofs/io.h
> +++ b/include/erofs/io.h
> @@ -27,9 +27,9 @@ u64 dev_length(void);
>  
>  extern int erofs_devfd;
>  
> -int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> -                          int fd_out, erofs_off_t *off_out,
> -                          size_t length);
> +ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> +                           int fd_out, erofs_off_t *off_out,
> +                           size_t length);
>  
>  static inline int blk_write(const void *buf, erofs_blk_t blkaddr,
>                           u32 nblocks)
> diff --git a/lib/blobchunk.c b/lib/blobchunk.c
> index 661c5d0..a0ff79c 100644
> --- a/lib/blobchunk.c
> +++ b/lib/blobchunk.c
> @@ -179,7 +179,7 @@ int erofs_blob_remap(void)
>       struct erofs_buffer_head *bh;
>       ssize_t length;
>       erofs_off_t pos_in, pos_out;
> -     int ret;
> +     ssize_t ret;
>  
>       fflush(blobfile);
>       length = ftell(blobfile);
> diff --git a/lib/io.c b/lib/io.c
> index cfc062d..279c7dd 100644
> --- a/lib/io.c
> +++ b/lib/io.c
> @@ -259,9 +259,9 @@ int dev_read(void *buf, u64 offset, size_t len)
>       return 0;
>  }
>  
> -static int __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> -                                int fd_out, erofs_off_t *off_out,
> -                                size_t length)
> +static ssize_t __erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> +                                    int fd_out, erofs_off_t *off_out,
> +                                    size_t length)
>  {
>       size_t copied = 0;
>       char buf[8192];
> @@ -331,9 +331,9 @@ static int __erofs_copy_file_range(int fd_in, erofs_off_t 
> *off_in,
>       return copied;
>  }
>  
> -int erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> -                       int fd_out, erofs_off_t *off_out,
> -                       size_t length)
> +ssize_t erofs_copy_file_range(int fd_in, erofs_off_t *off_in,
> +                           int fd_out, erofs_off_t *off_out,
> +                           size_t length)
>  {
>  #ifdef HAVE_COPY_FILE_RANGE
>       off64_t off64_in = *off_in, off64_out = *off_out;
> -- 
> 2.34.0.rc0.344.g81b53c2807-goog

Reply via email to