Two changes: First, we can't check multiplication overflow after the
operation. This has to be done before with a division. Second, there
is no OFF_T_MAX, and both operands are size_t, so check for
SIZE_MAX. The result is assigned to off_t, but I'm not sure where the
automatic coercion from size_t to off_t would happen.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
return true;
}
- tm_size = bandsize * nbands;
- if (tm_size > UINT64_MAX) {
+ if (bandsize > SIZE_MAX/nbands) {
DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
bandsize, nbands);
return false;
}
+ tm_size = bandsize * nbands;
if (state->total_size + tm_size < state->total_size) {
DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",