[DO NOT MERGE] Fix signedness mismatch and integer underflow
persist_get_max_entries() is supposed to return an unsigned integer as the
maximum number of entries but it also wrongly returns "-1" as an error
condition. Also fix an issue where an unsigned subtraction in this routine
could lead to integer underflow.
Bug: 112731440
Test: manual
Change-Id: I9672e39bef2c12156dda7806a08c52044962c178
(cherry picked from commit ef35553d530452ad6aa43832c8bc8ff76898181a)
diff --git a/cryptfs.c b/cryptfs.c
index 2a52336..0854f42 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3380,24 +3380,25 @@
static unsigned int persist_get_max_entries(int encrypted) {
struct crypt_mnt_ftr crypt_ftr;
unsigned int dsize;
- unsigned int max_persistent_entries;
/* If encrypted, use the values from the crypt_ftr, otherwise
* use the values for the current spec.
*/
if (encrypted) {
if (get_crypt_ftr_and_key(&crypt_ftr)) {
- return -1;
+ /* Something is wrong, assume no space for entries */
+ return 0;
}
dsize = crypt_ftr.persist_data_size;
} else {
dsize = CRYPT_PERSIST_DATA_SIZE;
}
- max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
- sizeof(struct crypt_persist_entry);
-
- return max_persistent_entries;
+ if (dsize > sizeof(struct crypt_persist_data)) {
+ return (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
+ } else {
+ return 0;
+ }
}
static int persist_get_key(const char *fieldname, char *value)
