[PATCH] fs/ntfs3: Fix a couple integer overflows on 32bit systems

From: Dan Carpenter
Date: Sun Feb 16 2025 - 15:52:17 EST

Next message: Dan Carpenter: "[PATCH] fs/ntfs3: Prevent integer overflow in hdr_first_de()"
Previous message: Kurt Borja: "Re: [PATCH 10/10] platform/x86: alienware-wmi: Improve and update documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can
have an integer wrapping issue. Fix it by using size_add().

Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
fs/ntfs3/index.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 7eb9fae22f8d..78d20e4baa2c 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -618,7 +618,7 @@ static bool index_hdr_check(const struct INDEX_HDR *hdr, u32 bytes)
u32 off = le32_to_cpu(hdr->de_off);

if (!IS_ALIGNED(off, 8) || tot > bytes || end > tot ||
- off + sizeof(struct NTFS_DE) > end) {
+ size_add(off, sizeof(struct NTFS_DE)) > end) {
/* incorrect index buffer. */
return false;
}
@@ -736,7 +736,7 @@ static struct NTFS_DE *hdr_find_e(const struct ntfs_index *indx,
if (end > total)
return NULL;

- if (off + sizeof(struct NTFS_DE) > end)
+ if (size_add(off, sizeof(struct NTFS_DE)) > end)
return NULL;

e = Add2Ptr(hdr, off);
--
2.47.2

Next message: Dan Carpenter: "[PATCH] fs/ntfs3: Prevent integer overflow in hdr_first_de()"
Previous message: Kurt Borja: "Re: [PATCH 10/10] platform/x86: alienware-wmi: Improve and update documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]