On 3/3/25 5:37 PM, alison.schofi...@intel.com wrote:
> From: Alison Schofield <alison.schofi...@intel.com>
>
> A Coverity scan highlighted an integer overflow issue when testing
> if the size and align parameters make sense together.
>
> Before performing the multiplication, check that the result will not
> exceed the maximum value that an unsigned long long can hold.
>
> Signed-off-by: Alison Schofield <alison.schofi...@intel.com>
Reviewed-by: Dave Jiang <dave.ji...@intel.com>
nit below
> ---
> ndctl/namespace.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/ndctl/namespace.c b/ndctl/namespace.c
> index aa8c23a50385..bb0c2f2e28c7 100644
> --- a/ndctl/namespace.c
> +++ b/ndctl/namespace.c
> @@ -865,9 +865,15 @@ static int validate_namespace_options(struct
> ndctl_region *region,
> * option
> */
> size_align = max(units, size_align) * ways;
> -
stray edit?
> p->size /= size_align;
> p->size++;
> +
> + if (p->size > ULLONG_MAX / size_align) {
> + err("size overflow: %llu * %llu exceeds ULLONG_MAX\n",
> + p->size, size_align);
> + return -EINVAL;
> + }
> +
> p->size *= size_align;
> p->size /= units;
> err("'--size=' must align to interleave-width: %d and
> alignment: %ld\n"
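
Review bot: The new guard covers only 'p->size *= size_align'; the product on the context line 'size_align = max(units, size_align) * ways;' is still unchecked, and both 'p->size /= size_align' and the new 'ULLONG_MAX / size_align' divide by it. If that product can wrap or come out as 0, the division faults before the overflow test is ever reached, so consider validating size_align (non-zero, no wrap) right after it is computed. Also note that 'p->size++' runs before the comparison: when the quotient is already ULLONG_MAX (size_align of 1) the increment wraps to 0 and the check passes, so testing before the increment, or comparing with '>=' against the pre-increment value, would close that corner. A short comment saying the block computes the rounded-up size used in the '--size=' hint would make the early 'return -EINVAL' easier to follow.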