On Wed, Mar 05, 2025 at 09:38:31AM -0700, Dave Jiang wrote:
>
>
> On 3/3/25 5:37 PM, [email protected] wrote:
> > From: Alison Schofield <[email protected]>
> >
> > A coverity scan higlighted an overflow issue when the slot variable,
> > an unsigned integer that is initialized to -1, is incremented and
> > overflows.
> >
> > Initialize slot to 0 and move the increment statement to after slot
> > is evaluated. That keeps the comparison to a u32 as is and avoids
> > overflow.
> >
> > Signed-off-by: Alison Schofield <[email protected]>
> > ---
> > ndctl/dimm.c | 8 +++++---
> > 1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/ndctl/dimm.c b/ndctl/dimm.c
> > index 889b620355fc..c39c69bfa336 100644
> > --- a/ndctl/dimm.c
> > +++ b/ndctl/dimm.c
> > @@ -97,7 +97,7 @@ static struct json_object *dump_label_json(struct
> > ndctl_dimm *dimm,
> > struct json_object *jlabel = NULL;
> > struct namespace_label nslabel;
> > unsigned int nsindex_size;
> > - unsigned int slot = -1;
> > + unsigned int slot = 0;
> > ssize_t offset;
> >
> > if (!jarray)
> > @@ -115,7 +115,6 @@ static struct json_object *dump_label_json(struct
> > ndctl_dimm *dimm,
> > struct json_object *jobj;
> > char uuid[40];
> >
> > - slot++;
> > jlabel = json_object_new_object();
> > if (!jlabel)
> > break;
> > @@ -127,8 +126,11 @@ static struct json_object *dump_label_json(struct
> > ndctl_dimm *dimm,
> > if (len < 0)
> > break;
> >
> > - if (le32_to_cpu(nslabel.slot) != slot)
> > + if (le32_to_cpu(nslabel.slot) != slot) {
> > + slot++;
> > continue;
> > + }
> > + slot++;
>
> Wonder if you can just increment the slot in the for() since it's not being
> used after this.
Nice - thanks!
Changing to: for (offset = nsindex_size * 2; offset < size;
offset += ndctl_dimm_sizeof_namespace_label(dimm), slot++)
>
> >
> > uuid_unparse((void *) nslabel.uuid, uuid);
> > jobj = json_object_new_string(uuid);
>
