diff options
| author | Anton Moryakov <ant.v.moryakov@gmail.com> | 2025-10-28 13:48:10 +0300 |
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2026-04-13 08:42:56 +0200 |
| commit | 5f7dd327a813c83f97f4a6128bb82c021ed870d8 (patch) | |
| tree | 82ae3b3c6601f734529004e19b06011e7f90cdcc | |
| parent | 3528028a687820eebe2a94013d6ec3a052b4c20e (diff) | |
misc-utils: docfdisk.c: validate partition size to prevent arithmetic overflow
report of the static analyzer:
Possible integer overflow: right operand is tainted.
An integer overflow may occur due to arithmetic operation (addition)
between variable 'block' and value { [1, 4294967295] } of 'nblocks[i]',
when 'block' is equal to '1'
correct explained:
Added bounds check before incrementing block counter to ensure that
adding nblocks[i] does not exceed totblocks. This prevents potential
integer overflow when user-specified partition sizes are too large,
which could lead to incorrect partition table layout and device corruption.
The validation ensures safe arithmetic by checking block + nblocks[i] <= totblocks
using unsigned comparison.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
| -rw-r--r-- | misc-utils/docfdisk.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/misc-utils/docfdisk.c b/misc-utils/docfdisk.c index 47e4ff9..7b936d5 100644 --- a/misc-utils/docfdisk.c +++ b/misc-utils/docfdisk.c @@ -260,6 +260,10 @@ int main(int argc, char **argv) } nblocks[i] = totblocks - block; } + if (nblocks[i] > totblocks || block > totblocks - nblocks[i]) { + printf("Requested partition size exceeds available device space.\n"); + return 1; + } ip->virtualUnits = cpu_to_le32(nblocks[i]); block += nblocks[i]; ip->lastUnit = cpu_to_le32(block-1); |