ceph: fix overflowed constant issue in ceph_do_objects_copy()

The Coverity Scan service has detected overflowed constant
issue in ceph_do_objects_copy() [1]. The CID 1624308
defect contains explanation: "The overflowed value due to
arithmetic on constants is too small or unexpectedly
negative, causing incorrect computations. Expression bytes,
which is equal to -95, where ret is known to be equal to -95,
underflows the type that receives it, an unsigned integer
64 bits wide. In ceph_do_objects_copy: Integer overflow occurs
in arithmetic on constant operands (CWE-190)".

The patch changes the type of bytes variable from size_t
to ssize_t with the goal of to be capable to receive
negative values.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1624308

Signed-off-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 08681cf661375d46750e552e2bd97af5163140fb..07052f331611847b2fafafd4d70438223e556718 100644 (file)
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2880,7 +2880,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off
        struct ceph_object_id src_oid, dst_oid;
        struct ceph_osd_client *osdc;
        struct ceph_osd_request *req;
-       size_t bytes = 0;
+       ssize_t bytes = 0;
        u64 src_objnum, src_objoff, dst_objnum, dst_objoff;
        u32 src_objlen, dst_objlen;
        u32 object_size = src_ci->i_layout.object_size;
@@ -2930,7 +2930,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off
                                        "OSDs don't support copy-from2; disabling copy offload\n");
                        }
                        doutc(cl, "returned %d\n", ret);
-                       if (!bytes)
+                       if (bytes <= 0)
                                bytes = ret;
                        goto out;
                }