From: Martin Wilck <[email protected]> For an int n, it's possible that n > 0 and (26 * n) > 0, but and still 26 * n overflows the int. E.g. n = 0x0ec4ec4e; 26 * n = 0x17fffffec, truncated to 32 bit yields 0x7fffffec, which is > 0.
And anyway, relying on a signed int overflow to detect a problem is wrong, as the result of such operations is undefined in C. Signed-off-by: Martin Wilck <[email protected]> --- libmultipath/alias.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libmultipath/alias.c b/libmultipath/alias.c index 0fb206d1..a96ba5cc 100644 --- a/libmultipath/alias.c +++ b/libmultipath/alias.c @@ -77,6 +77,7 @@ scan_devname(const char *alias, const char *prefix) { const char *c; int i, n = 0; + static const int last_26 = INT_MAX / 26; if (!prefix || strncmp(alias, prefix, strlen(prefix))) return -1; @@ -93,9 +94,9 @@ scan_devname(const char *alias, const char *prefix) if (*c < 'a' || *c > 'z') return -1; i = *c - 'a'; - n = ( n * 26 ) + i; - if (n < 0) + if (n > last_26 || (n == last_26 && i >= INT_MAX % 26)) return -1; + n = n * 26 + i; c++; n++; } -- 2.23.0 -- dm-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/dm-devel
