The branch, master has been updated
via b0ba7cd4f96 vfs_fruit: tmsize prevent overflow Force the type
during arithmetic in order to prevent overflow when summing the Time Machine
folder size. Increase the precision to off_t (used for file sizes), leave the
overflow error traps but with more precise wording.
from a4ed6ada500 Remove unnecessary/incorrect talloc_steal() calls
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b0ba7cd4f96a6ea227943cb05ef51a463e292b2d
Author: Art M. Gallagher <[email protected]>
Date: Tue Mar 3 21:51:46 2020 +0000
vfs_fruit: tmsize prevent overflow Force the type during arithmetic in
order to prevent overflow when summing the Time Machine folder size. Increase
the precision to off_t (used for file sizes), leave the overflow error traps
but with more precise wording.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13622
Signed-off-by: Art M. Gallagher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat Mar 7 01:37:31 UTC 2020 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_fruit.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ebf3e18af2f..b2d0901a800 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4986,15 +4986,21 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct
*handle,
return true;
}
+ /*
+ * Arithmetic on 32-bit systems may cause overflow, depending on
+ * size_t precision. First we check its unlikely, then we
+ * force the precision into target off_t, then we check that
+ * the total did not overflow either.
+ */
if (bandsize > SIZE_MAX/nbands) {
- DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+ DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands
[%zu]\n",
bandsize, nbands);
return false;
}
- tm_size = bandsize * nbands;
+ tm_size = (off_t)bandsize * (off_t)nbands;
if (state->total_size + tm_size < state->total_size) {
- DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+ DBG_ERR("tm total size overflow: bandsize [%zu] nbands [%zu]\n",
bandsize, nbands);
return false;
}
--
Samba Shared Repository
