From f3e98f41de25e3b52fd38f86317e428bfb53b287 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Wed, 28 Mar 2018 07:17:59 -0500
Subject: [PATCH] vfs_fruit: Fix CID 1433613 Operands don't affect result

Two changes: First, we can't check multiplication overflow after the operation. This has to be done before with a division. Second, there is no OFF_T_MAX, and both operands are size_t, so check for SIZE_MAX. The result is assigned to off_t, but I'm not sure where the automatic coercion from size_t to off_t would happen.

Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
 source3/modules/vfs_fruit.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 1a05d0bae346..4299583b21be 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -6515,12 +6515,12 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
 return true;
 }
- tm_size = bandsize * nbands;
- if (tm_size > UINT64_MAX) {
+ if (bandsize > SIZE_MAX/nbands) {
 DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
 bandsize, nbands);
 return false;
 }
+ tm_size = bandsize * nbands;
 if (state->total_size + tm_size < state->total_size) {
 DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
-- 
2.34.1
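Review bot: The new guard `if (bandsize > SIZE_MAX/nbands) {` divides by `nbands`, and nothing visible in this hunk rules out `nbands == 0`. The function starts and ends outside the hunk, so an earlier check may exist, but if it does not, a sparsebundle that reports zero bands would make smbd trap on a value derived from share contents. Handling the empty case before the division, for example `if (nbands == 0) { return true; }`, removes that path. Separately, the bound is SIZE_MAX while the commit message says the product is assigned to an off_t, so a product that fits in size_t may still not fit in `tm_size`, and the following `state->total_size + tm_size < state->total_size` test would then appear to rely on signed wraparound. A short comment stating the intended range of `tm_size`, or a bound derived from the off_t width, would settle the question the commit message leaves open.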