[DO NOT MERGE] Fix signedness mismatch and integer underflow
persist_get_max_entries() is supposed to return an unsigned integer as the
maximum number of entries but it also wrongly returns "-1" as an error
condition. Also fix an issue where an unsigned subtraction in this routine
could lead to integer underflow.
Bug: 112731440
Test: manual
Change-Id: I9672e39bef2c12156dda7806a08c52044962c178
(cherry picked from commit 19ef1ae99a0138197e43658e84d860d17912a4a0)
diff --git a/cryptfs.cpp b/cryptfs.cpp
index f2f0f18..66cbc3b 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -3097,24 +3097,25 @@
static unsigned int persist_get_max_entries(int encrypted) {
struct crypt_mnt_ftr crypt_ftr;
unsigned int dsize;
- unsigned int max_persistent_entries;
/* If encrypted, use the values from the crypt_ftr, otherwise
* use the values for the current spec.
*/
if (encrypted) {
if (get_crypt_ftr_and_key(&crypt_ftr)) {
- return -1;
+ /* Something is wrong, assume no space for entries */
+ return 0;
}
dsize = crypt_ftr.persist_data_size;
} else {
dsize = CRYPT_PERSIST_DATA_SIZE;
}
- max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
- sizeof(struct crypt_persist_entry);
-
- return max_persistent_entries;
+ if (dsize > sizeof(struct crypt_persist_data)) {
+ return (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
+ } else {
+ return 0;
+ }
}
static int persist_get_key(const char *fieldname, char *value)
