From c844ace9729a906f98d5508dcf145204cbff10dc Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Fri, 13 Sep 2019 22:04:03 +0200 Subject: [PATCH] system: Fix possible integer overflows This multiplication was done on 32 bit integers before, explicitly cast them to 64 bit values before to make sure the multiplication is done on 64 bit numbers. Coverity: #1412417, #1412410, #1412409, #1412411, #1412424, #1412407 Signed-off-by: Hauke Mehrtens --- system.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/system.c b/system.c index 4068e64..751a016 100644 --- a/system.c +++ b/system.c @@ -254,15 +254,21 @@ static int system_info(struct ubus_context *ctx, struct ubus_object *obj, blobmsg_close_array(&b, c); c = blobmsg_open_table(&b, "memory"); - blobmsg_add_u64(&b, "total", info.mem_unit * info.totalram); - blobmsg_add_u64(&b, "free", info.mem_unit * info.freeram); - blobmsg_add_u64(&b, "shared", info.mem_unit * info.sharedram); - blobmsg_add_u64(&b, "buffered", info.mem_unit * info.bufferram); + blobmsg_add_u64(&b, "total", + (uint64_t)info.mem_unit * (uint64_t)info.totalram); + blobmsg_add_u64(&b, "free", + (uint64_t)info.mem_unit * (uint64_t)info.freeram); + blobmsg_add_u64(&b, "shared", + (uint64_t)info.mem_unit * (uint64_t)info.sharedram); + blobmsg_add_u64(&b, "buffered", + (uint64_t)info.mem_unit * (uint64_t)info.bufferram); blobmsg_close_table(&b, c); c = blobmsg_open_table(&b, "swap"); - blobmsg_add_u64(&b, "total", info.mem_unit * info.totalswap); - blobmsg_add_u64(&b, "free", info.mem_unit * info.freeswap); + blobmsg_add_u64(&b, "total", + (uint64_t)info.mem_unit * (uint64_t)info.totalswap); + blobmsg_add_u64(&b, "free", + (uint64_t)info.mem_unit * (uint64_t)info.freeswap); blobmsg_close_table(&b, c); #endif -- 2.30.2