On 3/6/25 4:50 PM, alison.schofi...@intel.com wrote:
> From: Alison Schofield <alison.schofi...@intel.com>
>
> A coverity scan higlighted an overflow issue when the slot variable,
> an unsigned integer that is initialized to -1, is incremented and
> overflows.
>
> Initialize slot to 0 and increment slot in the for loop header. That
> keeps the comparison to a u32 as is and avoids overflow.
>
> Signed-off-by: Alison Schofield <alison.schofi...@intel.com>
Reviewed-by: Dave Jiang <dave.ji...@intel.com>
> ---
> ndctl/dimm.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/ndctl/dimm.c b/ndctl/dimm.c
> index 889b620355fc..aaa0abfa046c 100644
> --- a/ndctl/dimm.c
> +++ b/ndctl/dimm.c
> @@ -97,7 +97,7 @@ static struct json_object *dump_label_json(struct
> ndctl_dimm *dimm,
> struct json_object *jlabel = NULL;
> struct namespace_label nslabel;
> unsigned int nsindex_size;
> - unsigned int slot = -1;
> + unsigned int slot = 0;
> ssize_t offset;
>
> if (!jarray)
> @@ -108,14 +108,13 @@ static struct json_object *dump_label_json(struct
> ndctl_dimm *dimm,
> return NULL;
>
> for (offset = nsindex_size * 2; offset < size;
> - offset += ndctl_dimm_sizeof_namespace_label(dimm)) {
> + offset += ndctl_dimm_sizeof_namespace_label(dimm), slot++) {
> ssize_t len = min_t(ssize_t,
> ndctl_dimm_sizeof_namespace_label(dimm),
> size - offset);
> struct json_object *jobj;
> char uuid[40];
>
> - slot++;
> jlabel = json_object_new_object();
> if (!jlabel)
> break;
