Commit 6eeabe69 authored Mar 07, 2024 by Marcin Spiewak Committed by Tomasz Zawadzki Mar 22, 2024

lib/scsi: fixed potential expression overflow.



Fixed potential issue found by Coverity.
The function _bytes_to_blocks() takes num_bytes parameter,
which is 64-bit long (uint64_t). In bdev_scsi_write_same()
function, the parameter was calculated as
task->length * xfer_len
Both of the values are 32-bit long, so the expression is
evaluated using 32-bit arithmetic potentially overflowing
the result (truncating to 32-bit). To avoid this, we need
to cast at least one parameter to 64-bit value.

Change-Id: Idd8a52d088a0c971158515a0a542a44595633321
Signed-off-by: Marcin Spiewak <marcin.spiewak@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22219


Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Jim Harris <jim.harris@samsung.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>

parent 20b6ea82

lib/scsi/scsi_bdev.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -1619,7 +1619,8 @@ bdev_scsi_write_same(struct spdk_bdev bdev, struct spdk_bdev_desc bdev_desc,
		goto check_condition;
		}

		if (_bytes_to_blocks(block_size, task->offset, &offset_blocks, task->length * xfer_len,
		if (_bytes_to_blocks(block_size, task->offset, &offset_blocks,
		(uint64_t)task->length * xfer_len,
		&num_blocks) != 0) {
		SPDK_ERRLOG("task's offset %" PRIu64 " or length %" PRIu32 " is not block multiple\n",
		task->offset, task->length);