The snap_names_len field of an rbd_image_header structure is defined with type size_t. That field is used as both the source and target of 64-bit byte-order swapping operations though, so it's best to define it with type u64 instead.
Signed-off-by: Alex Elder <[email protected]> --- drivers/block/rbd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: b/drivers/block/rbd.c =================================================================== --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -81,7 +81,7 @@ struct rbd_image_header { __u8 crypt_type; __u8 comp_type; struct ceph_snap_context *snapc; - size_t snap_names_len; + u64 snap_names_len; u32 total_snaps; char *snap_names; @@ -511,6 +511,7 @@ static int rbd_header_from_disk(struct r if (snap_count) { header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); + BUG_ON(header->snap_names_len > (u64) SIZE_MAX); header->snap_names = kmalloc(header->snap_names_len, GFP_KERNEL); if (!header->snap_names) -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
