granicus.if.org Git - zfs/commit
Avoid integer overflow on computation of refquota_slack
author Colin Ian King <colin.king@canonical.com>
Wed, 27 Jul 2016 08:26:38 +0000 (09:26 +0100)
committer Brian Behlendorf <behlendorf1@llnl.gov>
Wed, 27 Jul 2016 20:38:46 +0000 (13:38 -0700)
commit bf18fd89f983e86e070cdda2c6ac6d9db4f48cc2
tree a8c9f43ae8b1a1e3baf187c0a7959440deec2703
parent 8a39abaafad51861daf197b0e9809dfcf77fd3cf
Avoid integer overflow on computation of refquota_slack

DMU_MAX_ACCESS should be cast to a uint64_t otherwise the
multiplication of DMU_MAX_ACCESS with spa_asize_inflation will
be 32 bit and may lead to an overflow. Currently DMU_MAX_ACCESS
is 64 * 1024 * 1024, so spa_asize_inflation being 64 or more will
lead to an overflow.

Found by static analysis with CoverityScan 0.8.5

CID 150942 (#1 of 1): Unintentional integer overflow
  (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression
  67108864 * spa_asize_inflation with type int (32 bits, signed)
  is evaluated using 32-bit arithmetic, and then used in a context
  that expects an expression of type uint64_t (64 bits, unsigned).

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #4889
module/zfs/dsl_dataset.c
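
The overflow-before-widen pattern named in the Coverity report, as an added example (not code from the ZFS tree). `slack_narrow`, `slack_wide` and `product_fits_int` are hypothetical names, the macro value is the one quoted in the commit message, and the narrow path uses unsigned 32-bit arithmetic to model the truncation without relying on signed-overflow undefined behaviour.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Value quoted in the commit message; the real macro lives in the ZFS headers. */
#define DMU_MAX_ACCESS (64 * 1024 * 1024)

/*
 * Models the pre-fix expression: the product is formed in 32 bits and only
 * afterwards widened to 64. Unsigned math keeps the wraparound well defined;
 * the original signed int multiply is undefined behaviour once it overflows.
 * Assumes a non-negative inflation factor.
 */
uint64_t slack_narrow(int inflation)
{
    uint32_t product32 = (uint32_t)DMU_MAX_ACCESS * (uint32_t)inflation;
    return (uint64_t)product32;   /* widening happens too late */
}

/* Post-fix shape: one operand is widened first, so the multiply is 64-bit. */
uint64_t slack_wide(int inflation)
{
    return (uint64_t)DMU_MAX_ACCESS * (uint64_t)inflation;
}

/* Returns 1 when the exact product is still representable in a signed int. */
int product_fits_int(int inflation)
{
    return slack_wide(inflation) <= (uint64_t)INT_MAX;
}

int main(void)
{
    /* Constructed sample factors around the 32-bit boundary. */
    const int samples[] = { 24, 31, 32, 64, 65 };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int f = samples[i];
        printf("inflation=%2d fits_int=%d narrow=%" PRIu64 " wide=%" PRIu64 "\n",
            f, product_fits_int(f), slack_narrow(f), slack_wide(f));
    }
    return 0;
}
```

In a review, the same check applies to any `int * int` expression assigned to a 64-bit variable: confirm that at least one operand is widened before the multiply, not the result after it.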