On 3/3/25 5:37 PM, [email protected] wrote:
> From: Alison Schofield <[email protected]>
>
> A coverity scan higlighted an overflow issue when the slot variable,
> an unsigned integer that is initialized to -1, is incremented and
> overflows.
>
> Initialize slot to 0 and move the increment statement to after slot
> is evaluated. That keeps the comparison to a u32 as is and avoids
> overflow.
>
> Signed-off-by: Alison Schofield <[email protected]>
> ---
> ndctl/dimm.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/ndctl/dimm.c b/ndctl/dimm.c
> index 889b620355fc..c39c69bfa336 100644
> --- a/ndctl/dimm.c
> +++ b/ndctl/dimm.c
> @@ -97,7 +97,7 @@ static struct json_object *dump_label_json(struct
> ndctl_dimm *dimm,
> struct json_object *jlabel = NULL;
> struct namespace_label nslabel;
> unsigned int nsindex_size;
> - unsigned int slot = -1;
> + unsigned int slot = 0;
> ssize_t offset;
>
> if (!jarray)
> @@ -115,7 +115,6 @@ static struct json_object *dump_label_json(struct
> ndctl_dimm *dimm,
> struct json_object *jobj;
> char uuid[40];
>
> - slot++;
> jlabel = json_object_new_object();
> if (!jlabel)
> break;
> @@ -127,8 +126,11 @@ static struct json_object *dump_label_json(struct
> ndctl_dimm *dimm,
> if (len < 0)
> break;
>
> - if (le32_to_cpu(nslabel.slot) != slot)
> + if (le32_to_cpu(nslabel.slot) != slot) {
> + slot++;
> continue;
> + }
> + slot++;
Wonder if you can just increment the slot in the for() since it's not being
used after this.
>
> uuid_unparse((void *) nslabel.uuid, uuid);
> jobj = json_object_new_string(uuid);
