Reviewed by: Alex Markuze <amarkuze@xxxxxxxxxx> On Fri, Jun 6, 2025 at 10:05 PM Viacheslav Dubeyko <slava@xxxxxxxxxxx> wrote: > > From: Viacheslav Dubeyko <Slava.Dubeyko@xxxxxxx> > > The Coverity Scan service has detected overflowed constant > issue in ceph_do_objects_copy() [1]. The CID 1624308 > defect contains explanation: "The overflowed value due to > arithmetic on constants is too small or unexpectedly > negative, causing incorrect computations. Expression bytes, > which is equal to -95, where ret is known to be equal to -95, > underflows the type that receives it, an unsigned integer > 64 bits wide. In ceph_do_objects_copy: Integer overflow occurs > in arithmetic on constant operands (CWE-190)". > > The patch changes the type of bytes variable from size_t > to ssize_t with the goal of to be capable to receive > negative values. > > [1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1624308 > > Signed-off-by: Viacheslav Dubeyko <Slava.Dubeyko@xxxxxxx> > --- > fs/ceph/file.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/ceph/file.c b/fs/ceph/file.c > index 851d70200c6b..e46ff9cb25c5 100644 > --- a/fs/ceph/file.c > +++ b/fs/ceph/file.c > @@ -2883,7 +2883,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off > struct ceph_object_id src_oid, dst_oid; > struct ceph_osd_client *osdc; > struct ceph_osd_request *req; > - size_t bytes = 0; > + ssize_t bytes = 0; > u64 src_objnum, src_objoff, dst_objnum, dst_objoff; > u32 src_objlen, dst_objlen; > u32 object_size = src_ci->i_layout.object_size; > @@ -2933,7 +2933,7 @@ static ssize_t ceph_do_objects_copy(struct ceph_inode_info *src_ci, u64 *src_off > "OSDs don't support copy-from2; disabling copy offload\n"); > } > doutc(cl, "returned %d\n", ret); > - if (!bytes) > + if (bytes <= 0) > bytes = ret; > goto out; > } > -- > 2.49.0 >
