From: Luca Boccassi
Date: Tue, 7 Apr 2026 23:59:48 +0000 (+0100)
Subject: limits-util: use MUL_SAFE for physical memory calculation
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40eef914f35208ee3f34faf063e2e5bdb94cc034;p=thirdparty%2Fsystemd.git
limits-util: use MUL_SAFE for physical memory calculation
Coverity flags (uint64_t)sc * (uint64_t)ps as a potential overflow. Use MUL_SAFE which Coverity understands via __builtin_mul_overflow. Physical page count times page size cannot realistically overflow uint64_t, but this makes it provable to static analyzers.
CID#1548042
Follow-up for 09bb6448ae221c09a00d1f4a9b45ce8535003319
---
diff --git a/src/basic/limits-util.c b/src/basic/limits-util.c
index 02fbe92cc77..732d0c6a6f4 100644
--- a/src/basic/limits-util.c
+++ b/src/basic/limits-util.c
@@ -28,9 +28,9 @@ uint64_t physical_memory(void) {
 assert(sc > 0);
 ps = page_size();
- /* Silence static analyzers */
- assert((uint64_t) sc <= UINT64_MAX / (uint64_t) ps);
- mem = (uint64_t) sc * (uint64_t) ps;
+ /* Physical page count times page size cannot realistically overflow uint64_t,
+ * but use MUL_SAFE to make this obvious to static analyzers. */
+ assert_se(MUL_SAFE(&mem, (uint64_t) sc, (uint64_t) ps));
 r = cg_get_root_path(&root);
 if (r < 0) {
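Review bot: The new comment above `assert_se(MUL_SAFE(&mem, ...))` explains the overflow reasoning but not why `assert_se()` is used instead of the `assert()` on the line it replaces. `MUL_SAFE` stores the product into `mem` as a side effect, so this is now the only place `mem` is assigned. If a later cleanup turned it back into a plain `assert()`, a build where assertions are compiled out or reduced to an optimizer hint (presumably NDEBUG) could leave `mem` unset or the overflow unchecked. I would add a line to the comment such as `/* assert_se(), not assert(): MUL_SAFE stores the product in mem and must always be evaluated. */`. The body of `physical_memory()` starts before and continues past this hunk, so how `mem` is used afterwards is not visible here.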