From: Viacheslav Dubeyko Date: Fri, 6 Jun 2025 19:05:45 +0000 (-0700) Subject: ceph: fix overflowed constant issue in ceph_do_objects_copy() X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=5b2d1377d6cc4147492780b0bd95fb9c4cb28d1b;p=users%2Fhch%2Fmisc.git ceph: fix overflowed constant issue in ceph_do_objects_copy() The Coverity Scan service has detected overflowed constant issue in ceph_do_objects_copy() [1]. The CID 1624308 defect contains explanation: "The overflowed value due to arithmetic on constants is too small or unexpectedly negative, causing incorrect computations. Expression bytes, which is equal to -95, where ret is known to be equal to -95, underflows the type that receives it, an unsigned integer 64 bits wide. In ceph_do_objects_copy: Integer overflow occurs in arithmetic on constant operands (CWE-190)". The patch changes the type of bytes variable from size_t to ssize_t with the goal of to be capable to receive negative values. [1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1624308 Signed-off-by: Viacheslav Dubeyko Reviewed-by: Alex Markuze Signed-off-by: Ilya Dryomov --- diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 08681cf66137..07052f331611 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -2880,7 +2880,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off struct ceph_object_id src_oid, dst_oid; struct ceph_osd_client *osdc; struct ceph_osd_request *req; - size_t bytes = 0; + ssize_t bytes = 0; u64 src_objnum, src_objoff, dst_objnum, dst_objoff; u32 src_objlen, dst_objlen; u32 object_size = src_ci->i_layout.object_size; @@ -2930,7 +2930,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off "OSDs don't support copy-from2; disabling copy offload\n"); } doutc(cl, "returned %d\n", ret); - if (!bytes) + if (bytes <= 0) bytes = ret; goto out; }