This is an automated email from the ASF dual-hosted git repository. pkarashchenko pushed a commit to branch releases/12.2 in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/releases/12.2 by this push:
new d905a4e8a0 fs/fat: Fix undefined behavior in signed integer overflow check
d905a4e8a0 is described below
commit d905a4e8a048e0f59e416d99e2cc89be3bb2e311
Author: Mingjie Shen <shen...@purdue.edu>
AuthorDate: Mon Jun 26 00:36:28 2023 -0400
fs/fat: Fix undefined behavior in signed integer overflow check
Testing for overflow by adding a value to a variable to see if it "wraps around" works only for unsigned integer values, because signed overflow has undefined behavior according to the C and C++ standards.
Signed-off-by: Mingjie Shen <shen...@purdue.edu>
---
 fs/fat/fs_fat32.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/fs/fat/fs_fat32.c b/fs/fat/fs_fat32.c
index 7f30d6d570..14238cd7aa 100644
--- a/fs/fat/fs_fat32.c
+++ b/fs/fat/fs_fat32.c
@@ -44,6 +44,16 @@
 #include "inode/inode.h"
 #include "fs_fat32.h"
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#if defined(CONFIG_FS_LARGEFILE)
+# define OFF_MAX INT64_MAX
+#else
+# define OFF_MAX INT32_MAX
+#endif
+
 /****************************************************************************
 * Private Function Prototypes
 ****************************************************************************/
@@ -764,7 +774,7 @@ static ssize_t fat_write(FAR struct file *filep, FAR const char *buffer,
 /* Check if the file size would exceed the range of off_t */
- if (ff->ff_size + buflen < ff->ff_size)
+ if (buflen > OFF_MAX || ff->ff_size > OFF_MAX - (off_t)buflen)
 {
 ret = -EFBIG;
 goto errout_with_lock;
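Review bot: OFF_MAX in the new Pre-processor Definitions block restates the width of off_t by hand, and nothing in the hunk ties it to the typedef, so a later change to how off_t is selected would leave the overflow check in fat_write using the wrong limit with no diagnostic. A comment on the macro, such as `/* Largest off_t value; must track the off_t typedef selected by CONFIG_FS_LARGEFILE */`, would record that dependency. A compile-time size check beside each branch would go further and turn a mismatch into a build error instead of a silently weakened bound.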
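Review bot: The rewritten guard in fat_write bounds the new size by OFF_MAX only, so with CONFIG_FS_LARGEFILE, where OFF_MAX is INT64_MAX, it still accepts a write that takes ff_size past 0xffffffff, the largest value the 32-bit size field of a FAT directory entry can hold. fat_write's body continues outside this hunk, so please confirm whether the size is bounded elsewhere; if it is not, the size recorded on disk would be truncated while the in-memory size keeps growing. A FAT-specific ceiling tested alongside OFF_MAX, for example `# define FAT_MAXFILESIZE UINT32_MAX` (the name is only a suggestion), would return -EFBIG at the format's real limit. The subtraction form also assumes ff_size is never negative, which is worth stating in the comment above the check since the value originates from on-disk metadata.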