Date: Thu, 1 Oct 2020 03:10:43 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r366306 - stable/11/sbin/fsck_msdosfs Message-ID: <202010010310.0913AhUh025943@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu Oct 1 03:10:42 2020 New Revision: 366306 URL: https://svnweb.freebsd.org/changeset/base/366306 Log: MFC r366064, r366065, r366215: sbin/fsck_msdosfs: Fix an integer overflow on 32-bit platforms Modified: stable/11/sbin/fsck_msdosfs/dir.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/fsck_msdosfs/dir.c ============================================================================== --- stable/11/sbin/fsck_msdosfs/dir.c Thu Oct 1 03:08:23 2020 (r366305) +++ stable/11/sbin/fsck_msdosfs/dir.c Thu Oct 1 03:10:42 2020 (r366306) @@ -388,7 +388,8 @@ static int checksize(struct fat_descriptor *fat, u_char *p, struct dosDirEntry *dir) { int ret = FSOK; - size_t physicalSize; + size_t chainsize; + u_int64_t physicalSize; struct bootblock *boot; boot = fat_get_boot(fat); @@ -401,9 +402,9 @@ checksize(struct fat_descriptor *fat, u_char *p, struc } else { if (!fat_is_valid_cl(fat, dir->head)) return FSERROR; - ret = checkchain(fat, dir->head, &physicalSize); + ret = checkchain(fat, dir->head, &chainsize); /* - * Upon return, physicalSize would hold the chain length + * Upon return, chainsize would hold the chain length * that checkchain() was able to validate, but if the user * refused the proposed repair, it would be unsafe to * proceed with directory entry fix, so bail out in that @@ -412,11 +413,17 @@ checksize(struct fat_descriptor *fat, u_char *p, struc if (ret == FSERROR) { return (FSERROR); } - physicalSize *= boot->ClusterSize; + /* + * The maximum file size on FAT32 is 4GiB - 1, which + * will occupy a cluster chain of exactly 4GiB in + * size. On 32-bit platforms, since size_t is 32-bit, + * it would wrap back to 0. + */ + physicalSize = (u_int64_t)chainsize * boot->ClusterSize; } if (physicalSize < dir->size) { - pwarn("size of %s is %u, should at most be %zu\n", - fullpath(dir), dir->size, physicalSize); + pwarn("size of %s is %u, should at most be %ju\n", + fullpath(dir), dir->size, (uintmax_t)physicalSize); if (ask(1, "Truncate")) { dir->size = physicalSize; p[28] = (u_char)physicalSize;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010010310.0913AhUh025943>