cifsiostat: Fix possible integer overflowed argument

In io_sys_init(): cifs_nr is used as argument to calloc() function
though it may have a negative value (adding NR_CIFS_PREALLOC constant
may make it overflow). So test the value before using it.

CID#29709

Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>

diff --git a/cifsiostat.c b/cifsiostat.c
index 7224f2f0312e3ca9fc16cb2450acf0766d9f8558..94239dd4970581891e91906f279834e6bd0c7348 100644 (file)
--- a/cifsiostat.c
+++ b/cifsiostat.c
@@ -174,18 +174,28 @@ void io_sys_init(void)
        if ((cifs_nr = get_cifs_nr()) > 0) {
                cifs_nr += NR_CIFS_PREALLOC;
        }
-       if ((st_hdr_cifs = (struct io_hdr_stats *) calloc(cifs_nr, IO_HDR_STATS_SIZE)) == NULL) {
-               perror("malloc");
-               exit(4);
-       }
 
-       /* Allocate structures for number of CIFS directories found */
-       for (i = 0; i < 2; i++) {
-               if ((st_cifs[i] =
-                   (struct cifs_stats *) calloc(cifs_nr, CIFS_STATS_SIZE)) == NULL) {
+       if (cifs_nr > 0) {
+               if ((st_hdr_cifs = (struct io_hdr_stats *) calloc(cifs_nr, IO_HDR_STATS_SIZE)) == NULL) {
                        perror("malloc");
                        exit(4);
                }
+
+               /* Allocate structures for number of CIFS directories found */
+               for (i = 0; i < 2; i++) {
+                       if ((st_cifs[i] =
+                       (struct cifs_stats *) calloc(cifs_nr, CIFS_STATS_SIZE)) == NULL) {
+                               perror("malloc");
+                               exit(4);
+                       }
+               }
+       }
+       else {
+               /*
+                * cifs_nr value is probably zero, but it can also be negative
+                * (possible overflow when adding NR_CIFS_PREALLOC above).
+                */
+               cifs_nr = 0;
        }
 }