author | Dan Carpenter <dan.carpenter@linaro.org> | 2023-09-14 17:59:10 +0300 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-09-14 15:56:41 -0400 |
commit | 3567a5dc61abed9924051091e201b5a7b718b8ef (patch) | |
tree | 8940c233b72ceef6b86bf98481435afadc76a065 | |
parent | 563d13425a8cade353d2af2f92e0b8027c2ae0f8 (diff) |
bcachefs: chardev: fix an integer overflow (32 bit only)
On 32 bit systems, "sizeof(*arg) + replica_entries_bytes" can have an
integer overflow leading to memory corruption. Use size_add() to
prevent this.
Fixes: b44dd3797034 ("bcachefs: Redo filesystem usage ioctls")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
-rw-r--r-- | fs/bcachefs/chardev.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/chardev.c b/fs/bcachefs/chardev.c index e5e9fddddfb5..51d671267741 100644 --- a/fs/bcachefs/chardev.c +++ b/fs/bcachefs/chardev.c @@ -421,7 +421,7 @@ static long bch2_ioctl_fs_usage(struct bch_fs *c, if (get_user(replica_entries_bytes, &user_arg->replica_entries_bytes)) return -EFAULT; - arg = kzalloc(sizeof(*arg) + replica_entries_bytes, GFP_KERNEL); + arg = kzalloc(size_add(sizeof(*arg), replica_entries_bytes), GFP_KERNEL); if (!arg) return -ENOMEM; |
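Review bot: In the kzalloc() line, replica_entries_bytes comes straight from get_user() and no upper bound on it is visible in this hunk. size_add() saturates to SIZE_MAX on overflow, so the allocation fails instead of coming back undersized. That closes the 32 bit wrap, but the caller then gets -ENOMEM for what is really a bad argument, and large values that do not overflow still go to the allocator unchecked. If the replica entries have a sensible maximum size, consider an explicit range check on replica_entries_bytes right after the get_user() call that returns -EINVAL, keeping size_add() as the backstop. It would also help to confirm that any later use of sizeof(*arg) + replica_entries_bytes in this function (outside the lines shown) goes through the same saturating helper, so the copy length and the allocation length cannot disagree.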