git: 3f8ca7a22ed9 - main - fsx: bounds check the inputs
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Jan 2023 17:56:43 UTC
The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=3f8ca7a22ed917a3e3a4ad78538d9f468d6d3bd8 commit 3f8ca7a22ed917a3e3a4ad78538d9f468d6d3bd8 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2023-01-07 01:54:23 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2023-01-07 01:54:23 +0000 fsx: bounds check the inputs In particular, don't allow the user to specify a file size that can't be expressed as an int, since fsx's random-number generator only has a 32 bit range. MFC after: 2 weeks --- tools/regression/fsx/fsx.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/tools/regression/fsx/fsx.c b/tools/regression/fsx/fsx.c index 9bf61ffadb09..e84eeb503d42 100644 --- a/tools/regression/fsx/fsx.c +++ b/tools/regression/fsx/fsx.c @@ -105,13 +105,13 @@ int fd; /* fd for our test file */ off_t file_size = 0; off_t biggest = 0; char state[256]; -unsigned long testcalls = 0; /* calls to function "test" */ +long testcalls = 0; /* calls to function "test" */ -unsigned long simulatedopcount = 0; /* -b flag */ +long simulatedopcount = 0; /* -b flag */ int closeprob = 0; /* -c flag */ int invlprob = 0; /* -i flag */ int debug = 0; /* -d flag */ -unsigned long debugstart = 0; /* -D flag */ +long debugstart = 0; /* -D flag */ off_t maxfilelen = 256 * 1024; /* -l flag */ int sizechecks = 1; /* -n flag disables them */ int maxoplen = 64 * 1024; /* -o flag */ @@ -910,7 +910,7 @@ usage(void) -c P: 1 in P chance of file close+open at each op (default infinity)\n\ -d: debug output for all operations\n\ -i P: 1 in P chance of calling msync(MS_INVALIDATE) (default infinity)\n\ - -l flen: the upper bound on file size (default 262144)\n\ + -l flen: the upper bound on file size (default 262144, max 2147483647)\n\ -m startop:endop: monitor (print debug output) specified byte range (default 0:infinity)\n\ -n: no verifications of file size\n\ -o oplen: the upper bound on operation size (default 65536)\n\ @@ -937,32 +937,43 @@ usage(void) int getnum(char *s, char **e) { - int ret = -1; + long long ret = -1; *e = (char *) 0; - ret = strtol(s, e, 0); + ret = strtoll(s, e, 0); if (*e) switch (**e) { case 'b': case 'B': + if (ret > INT_MAX / 512) + return (-1); ret *= 512; *e = *e + 1; break; case 'k': case 'K': + if (ret > INT_MAX / 1024) + return (-1); ret *= 1024; *e = *e + 1; break; case 'm': case 'M': + if (ret > INT_MAX / 1024 / 1024) + return (-1); ret *= 1024*1024; *e = *e + 1; break; case 'w': case 'W': + if (ret > INT_MAX / 4) + return (-1); ret *= 4; *e = *e + 1; break; + default: + if (ret > INT_MAX) + return (-1); } return (ret); }