Bug#741955: linux: ssize_t casted to unsigned int in fs/cifs/file.c when CONFIG_CIFS_STATS is set

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#741955: linux: ssize_t casted to unsigned int in fs/cifs/file.c when CONFIG_CIFS_STATS is set
From: Raphael Geissert <geissert@debian.org>
Date: Mon, 17 Mar 2014 17:03:17 +0100
Message-id: <[🔎] CAA7hUgF1sEh1u6SByouz+LngDAF2D+QHzpG+8vzXdawLxyF4Zg@mail.gmail.com>
Reply-to: Raphael Geissert <geissert@debian.org>, 741955@bugs.debian.org

Source: linux
Version: 3.2.54-2
Severity: minor

Hi,

Similar to my previous bug report, I noticed that cifs_iovec_write
sets the sszie_t 'total_written' to 'rc'[1] but at a later point it
calls cifs_stats_bytes_written[2] with that <0 value.
When CONFIG_CIFS_STATS is set, it casts what is passed from
'total_written' as an unsigned int and then increases a counter
(tcon->bytes_written) with it.

Have not checked what could happen later on.

This seems to have been fixed in 3.4 with the move to async writes
with da82f7e755d2808ba726c9b23267d5bb23980e94.

[1}http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2204
[2]http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2219

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Prev by Date: Bug#741952: linux: Possible bug in 3.2's cifs/file.c, use of uninitialized variable
Next by Date: Bug#741957: 3.13-1 fails to properly initialize LSI SAS1068E controller
Previous by thread: Bug#741952: linux: Possible bug in 3.2's cifs/file.c, use of uninitialized variable
Next by thread: Bug#741957: 3.13-1 fails to properly initialize LSI SAS1068E controller
Index(es):
- Date
- Thread