vfs_fruit: Fix CID 1433613 Operands don't affect result

Two changes: First, we can't check multiplication overflow after the
operation. This has to be done before with a division. Second, there
is no OFF_T_MAX, and both operands are size_t, so check for
SIZE_MAX. The result is assigned to off_t, but I'm not sure where the
automatic coercion from size_t to off_t would happen.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 1a05d0bae3462bc5f3dc458defcf5be195ab5968..4299583b21be4f070aa7a706a05fa571799fe9eb 100644 (file)
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -6515,12 +6515,12 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
                return true;
        }
 
-       tm_size = bandsize * nbands;
-       if (tm_size > UINT64_MAX) {
+       if (bandsize > SIZE_MAX/nbands) {
                DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
                        bandsize, nbands);
                return false;
        }
+       tm_size = bandsize * nbands;
 
        if (state->total_size + tm_size < state->total_size) {
                DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",