From: Sage Weil <sage@inktank.com>
Date: Sat, 29 Sep 2012 08:30:35 +0000 (-0700)
Subject: mds: fix potential overflow
X-Git-Tag: v0.54~158
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1cebd989e78bbde1536b40b965e7f5a326212963;p=ceph.git

mds: fix potential overflow

CID 717014: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
At (1): Potentially overflowing expression "in->inode.layout.fl_object_size.operator unsigned int() * in->inode.layout.fl_stripe_count.operator unsigned int()" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic before being used in a context which expects an expression of type "uint64_t" (64 bits, unsigned). To avoid overflow, cast either operand to "uint64_t" before performing the multiplication.

Signed-off-by: Sage Weil <sage@inktank.com>
---

diff --git a/src/mds/MDCache.cc b/src/mds/MDCache.cc
index 7a5c0f5407db..06933f9cc5fc 100644
--- a/src/mds/MDCache.cc
+++ b/src/mds/MDCache.cc
@@ -8127,7 +8127,7 @@ void MDCache::purge_stray(CDentry *dn)
     dout(10) << "purge_stray dir ... implement me!" << dendl;  // FIXME XXX
     _purge_stray_purged(dn);
   } else if (in->is_file()) {
-    uint64_t period = in->inode.layout.fl_object_size * in->inode.layout.fl_stripe_count;
+    uint64_t period = (uint64_t)in->inode.layout.fl_object_size * (uint64_t)in->inode.layout.fl_stripe_count;
     uint64_t cur_max_size = in->inode.get_max_size();
     uint64_t to = MAX(in->inode.size, cur_max_size);
     if (to && period) {