From 51e38c92bed26f648ec187c4400fa7512fcd8067 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Sat, 4 Feb 2023 10:34:27 -0800
Subject: udf: Use unsigned variables for size calculations

To avoid confusing the compiler about possible negative sizes, switch
various size variables that can never be negative from int to u32. Seen
with GCC 13:

../fs/udf/directory.c: In function 'udf_copy_fi':
../include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' pointer overflow between offset 80 and size [-2147483648, -1] [-Warray-bounds=]
   57 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^
...
../fs/udf/directory.c:102:9: note: in expansion of macro 'memcpy'
  102 |         memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
      |         ^~~~~~

Cc: Jan Kara <jack@suse.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230204183427.never.856-kees@kernel.org>
---
 fs/udf/directory.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'fs/udf')

diff --git a/fs/udf/directory.c b/fs/udf/directory.c
index 2e13c4b5fb81..e0bb73d414dd 100644
--- a/fs/udf/directory.c
+++ b/fs/udf/directory.c
@@ -71,8 +71,9 @@ static int udf_verify_fi(struct udf_fileident_iter *iter)
 static int udf_copy_fi(struct udf_fileident_iter *iter)
 {
 	struct udf_inode_info *iinfo = UDF_I(iter->dir);
-	int blksize = 1 << iter->dir->i_blkbits;
-	int err, off, len, nameoff;
+	u32 blksize = 1 << iter->dir->i_blkbits;
+	u32 off, len, nameoff;
+	int err;
 
 	/* Skip copying when we are at EOF */
 	if (iter->pos >= iter->dir->i_size) {
-- 
cgit