The snap_names_len field of an rbd_image_header structure is defined
with type size_t. That field is used as both the source and target
of 64-bit byte-order swapping operations though, so it's best to
define it with type u64 instead.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
__u8 crypt_type;
__u8 comp_type;
struct ceph_snap_context *snapc;
- size_t snap_names_len;
+ u64 snap_names_len;
u32 total_snaps;
char *snap_names;
if (snap_count) {
header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);
+ BUG_ON(header->snap_names_len > (u64) SIZE_MAX);
header->snap_names = kmalloc(header->snap_names_len,
GFP_KERNEL);
if (!header->snap_names)