git-server-git.apps.pok.os.sepia.ceph.com Git

author	Raphael Zimmer <raphael.zimmer@tu-ilmenau.de>
	Thu, 26 Feb 2026 15:07:31 +0000 (16:07 +0100)
committer	Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
	Thu, 26 Feb 2026 20:02:39 +0000 (12:02 -0800)
commit	2443d1d01bd7836d15916f3015e0a73591508457
tree	49ca266e4f5337bc6b6c162bcff1ae9c009a3f37	tree \| snapshot
parent	7368dcf06052074a7c09b04df3287cadf06f60cb	commit \| diff

libceph: Use u32 for non-negative values in ceph_monmap_decode()

This patch fixes unnecessary implicit conversions that change signedness
of blob_len and num_mon in ceph_monmap_decode().
Currently blob_len and num_mon are (signed) int variables. They are used
to hold values that are always non-negative and get assigned in
ceph_decode_32_safe(), which is meant to assign u32 values. Both
variables are subsequently used as unsigned values, and the value of
num_mon is further assigned to monmap->num_mon, which is of type u32.
Therefore, both variables should be of type u32. This is especially
relevant for num_mon. If the value read from the incoming message is
very large, it is interpreted as a negative value, and the check for
num_mon > CEPH_MAX_MON does not catch it. This leads to the attempt to
allocate a very large chunk of memory for monmap, which will most likely
fail. In this case, an unnecessary attempt to allocate memory is
performed, and -ENOMEM is returned instead of -EINVAL.

Signed-off-by: Raphael Zimmer <raphael.zimmer@tu-ilmenau.de>
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>