If count * block_size exceeds 2GB, we will overflow a 32-bit signed
integer value. This shouldn't happen in practice except for
fuzz-corrupted file systems, but let's fix the code so it's correct.
Bug: https://github.com/tytso/e2fsprogs/issues/24
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
unsigned char *buf = bufv;
ssize_t really_read = 0;
- size = (count < 0) ? -count : count * channel->block_size;
+ size = (count < 0) ? -count : (ext2_loff_t) count * channel->block_size;
data->io_stats.bytes_read += size;
location = ((ext2_loff_t) block * channel->block_size) + data->offset;
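Review bot: the cast on the `+` line fixes the overflow only if `size` itself is declared as `ext2_loff_t` (or another 64-bit type); its declaration is outside this hunk, so please confirm it, otherwise the 64-bit product is truncated on assignment. Casting `count` before the multiplication is the right placement, since `(ext2_loff_t) (count * channel->block_size)` would still overflow in `int`. Note that the `count < 0` branch (`-count`, a byte count) is untouched and still evaluated in `int`; that is fine for any realistic negative count but worth a one-line comment so the asymmetry is not "fixed" away later. The same widening should be checked for `data->io_stats.bytes_read`, which accumulates `size`.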
if (count < 0)
size = -count;
else
- size = count * channel->block_size;
+ size = (ext2_loff_t) count * channel->block_size;
}
data->io_stats.bytes_written += size;
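Review bot: this is the same fix as the read path, written in if/else form instead of the ternary; the two size computations are now duplicated with identical semantics, and a small static helper (say, taking `count` and `block_size` and returning an `ext2_loff_t`) would keep them from drifting apart again. As in the read hunk, `size` and `data->io_stats.bytes_written` must be wide enough to hold the 64-bit product for the cast to have any effect; neither declaration is visible here.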