...
case NBD_SET_SIZE: return nbd_set_size(nbd, arg, config->blksize); case NBD_SET_SIZE_BLOCKS: - if (check_mul_overflow((loff_t)arg, config->blksize, &bytesize)) + if (arg && (LLONG_MAX / arg <= config->blksize)) return -EINVAL; - return nbd_set_size(nbd, bytesize, config->blksize); + return nbd_set_size(nbd, arg * config->blksize, + config->blksize);
Shouldn't there just be sanity bound checks on 'config->blksize' and 'arg' so that the product is never going to overflow?
It isn't as though any values near the overflow limit are sane.
I suspect you could check config->blksize <= 64k && arg <= 32k and even that would be generous.
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)