diff options
author | Xi Wang <xi.wang@gmail.com> | 2012-02-16 11:56:29 -0500 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2014-08-06 18:07:42 +0100 |
commit | ce4ded58d4b5869153cf5fde839161dff974cf94 (patch) | |
tree | 4725952499e88672339275a275a36e6292a50e3a | |
parent | 2c58922a118fd60866a28ef23dca495f225e9369 (diff) |
ceph: fix overflow check in build_snap_context()
commit 80834312a4da1405a9bc788313c67643de6fcb4c upstream.
The overflow check for a + n * b should be (n > (ULONG_MAX - a) / b),
rather than (n > ULONG_MAX / b - a).
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r-- | fs/ceph/snap.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c index a559c80f127..f04c0961f99 100644 --- a/fs/ceph/snap.c +++ b/fs/ceph/snap.c @@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm) /* alloc new snap context */ err = -ENOMEM; - if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc)) + if (num > (ULONG_MAX - sizeof(*snapc)) / sizeof(u64)) goto fail; snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS); if (!snapc) |