aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXi Wang <xi.wang@gmail.com>2012-02-16 11:56:29 -0500
committerBen Hutchings <ben@decadent.org.uk>2014-08-06 18:07:42 +0100
commitce4ded58d4b5869153cf5fde839161dff974cf94 (patch)
tree4725952499e88672339275a275a36e6292a50e3a
parent2c58922a118fd60866a28ef23dca495f225e9369 (diff)
ceph: fix overflow check in build_snap_context()
commit 80834312a4da1405a9bc788313c67643de6fcb4c upstream. The overflow check for a + n * b should be (n > (ULONG_MAX - a) / b), rather than (n > ULONG_MAX / b - a). Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Sage Weil <sage@newdream.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r--fs/ceph/snap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
index a559c80f127..f04c0961f99 100644
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
/* alloc new snap context */
err = -ENOMEM;
- if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc))
+ if (num > (ULONG_MAX - sizeof(*snapc)) / sizeof(u64))
goto fail;
snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
if (!snapc)