cifsd: prevent a integer overflow in wm_alloc()

Dan Carpenter pointed out that there there is a possibility of integer overflow. This patch prevent a integer overflow in wm_alloc(). Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]>
author: Namjae Jeon <[email protected]> 2021-04-04 17:52:58 +0900
committer: Steve French <[email protected]> 2021-05-10 19:15:37 -0500
commit: 4030b278368d89bba99a31e87766968cbf7909d2 (patch)
tree: 445d866920ec27d0842968d06ea56a552f4909be
parent: 9cca7516f4c6373223d6059f1a69548fed74c5ed (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c
index caf22c190634..1ee1feef1bb4 100644
--- a/fs/cifsd/buffer_pool.c
+++ b/fs/cifsd/buffer_pool.c
@@ -42,6 +42,9 @@ static struct wm *wm_alloc(size_t sz, gfp_t flags)
 	struct wm *wm;
 	size_t alloc_sz = sz + sizeof(struct wm);
 
+	if (sz > SIZE_MAX - sizeof(struct wm))
+		return NULL;
+
 	wm = kvmalloc(alloc_sz, flags);
 	if (!wm)
 		return NULL;
author	Namjae Jeon <[email protected]>	2021-04-04 17:52:58 +0900
committer	Steve French <[email protected]>	2021-05-10 19:15:37 -0500
commit	4030b278368d89bba99a31e87766968cbf7909d2 (patch)
tree	445d866920ec27d0842968d06ea56a552f4909be
parent	9cca7516f4c6373223d6059f1a69548fed74c5ed (diff)