On Wed, Jan 24, 2018 at 12:39:23AM +0100, Greg Kurz wrote:
> +/* size[4] Twrite tag[2] fid[4] offset[8] count[4] data[count] */
> +static P9Req *v9fs_twrite(QVirtIO9P *v9p, uint32_t fid, uint64_t offset,
> + uint32_t count, const void *data, uint16_t tag)
> +{
> + P9Req *req;
> +
> + req = v9fs_req_init(v9p, 4 + 8 + 4 + count, P9_TWRITE, tag);(uint32_t)(4 + 8 + 4 + (uint32_t)count) can overflow. I didn't look closely at the code and it's just a test case, but it seems safer to use types that avoid overflows or to handle them explicitly. It may not be an issue in a test case, but if someone copy pastes this code it could become a security issue.
signature.asc
Description: PGP signature
