ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nvmf/vfio_user: add numdw to avoide signed integer overflow

Browse Source 
This patch fix issue: #2835

Signed-off-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Change-Id: Ide49314c39a17e1da78303e59dde5855a0ee38a0
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/16029
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
This commit is contained in:
Sebastian Brzezinka 2022-12-20 12:46:16 +01:00 committed by Jim Harris
parent 958d4e0e05
commit be59f5d513
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/nvmf/vfio_user.c
View File

@ -5350,7 +5350,7 @@ static int
map_admin_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_request *req)
{
struct spdk_nvme_cmd *cmd = &req->cmd->nvme_cmd;
uint32_t len = 0;
uint32_t len = 0, numdw = 0;
uint8_t fid;
int iovcnt;
@ -5367,7 +5367,11 @@ map_admin_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_request *
len = 4096;
break;
case SPDK_NVME_OPC_GET_LOG_PAGE:
len = (((cmd->cdw11_bits.get_log_page.numdu << 16) | cmd->cdw10_bits.get_log_page.numdl) + 1) * 4;
numdw = (((cmd->cdw11_bits.get_log_page.numdu << 16) | cmd->cdw10_bits.get_log_page.numdl) + 1);
if (numdw > UINT32_MAX / 4) {
return -EINVAL;
}
len = numdw * 4;
break;
case SPDK_NVME_OPC_GET_FEATURES:
case SPDK_NVME_OPC_SET_FEATURES: