The callback functions use a signed int type, but the callers have
only verified the value as an unsigned type.  This should be only
a cosmetic change because if the value wraps around, this error
check catches it:

        if (reclen > buf->count)
                return -EINVAL;

But preventing the wrap-around in the first place should be clearer.

Signed-off-by: Florian Weimer <[email protected]>
---
 fs/readdir.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/readdir.c b/fs/readdir.c
index 2f6a4534e0df..d344061e387e 100644
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -159,7 +159,7 @@ struct getdents_callback {
        struct dir_context ctx;
        struct linux_dirent __user * current_dir;
        struct linux_dirent __user * previous;
-       int count;
+       unsigned int count;
        int error;
 };
 
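Review bot: Making `count` an `unsigned int` in `struct getdents_callback` may not be purely cosmetic, because the check quoted in the description, `if (reclen > buf->count)`, is what rejected a wrapped (negative) `count` until now. With an unsigned field, a caller-supplied size above INT_MAX would presumably pass that check and be treated as a very large remaining buffer instead of returning -EINVAL. The use sites are outside these hunks, so please confirm in the filldir callbacks whether `reclen` is a signed `int` (the comparison would then be done in unsigned arithmetic) and whether the result computed from `count` on the syscall return path still fits its signed type. The same applies to the `getdents_callback64` and `compat_getdents_callback` hunks. If accepting the wider range is intended, the commit message should say so; otherwise an explicit `if (count > INT_MAX) return -EINVAL;` in the callers would keep the old behaviour, and either way the field deserves a comment such as `/* bytes left in the user buffer, never negative */`.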
@@ -246,7 +246,7 @@ struct getdents_callback64 {
        struct dir_context ctx;
        struct linux_dirent64 __user * current_dir;
        struct linux_dirent64 __user * previous;
-       int count;
+       unsigned int count;
        int error;
 };
 
@@ -413,7 +413,7 @@ struct compat_getdents_callback {
        struct dir_context ctx;
        struct compat_linux_dirent __user *current_dir;
        struct compat_linux_dirent __user *previous;
-       int count;
+       unsigned int count;
        int error;
 };
 
-- 
2.21.0
