Avoid possible overflows from signed/unsigned comparisons

Signed-off-by: Simon Horman <horms@verge.net.au>

17 files changed, 48 insertions, 35 deletions

diff --git a/kdump/kdump.c b/kdump/kdump.c
index 5614a46..821ee7c 100644
--- a/kdump/kdump.c
+++ b/kdump/kdump.c
@@ -188,7 +188,8 @@ static void *generate_new_headers(
 
 static void write_all(int fd, const void *buf, size_t count)
 {
-	ssize_t result, written = 0;
+	ssize_t result;
+	size_t written = 0;
 	const char *ptr;
 	size_t left;
 	ptr = buf;
diff --git a/kexec/arch/i386/crashdump-x86.c b/kexec/arch/i386/crashdump-x86.c
index 7e86819..1782712 100644
--- a/kexec/arch/i386/crashdump-x86.c
+++ b/kexec/arch/i386/crashdump-x86.c
@@ -375,7 +375,8 @@ static void ultoa(unsigned long i, char *str)
  * memory regions the new kernel can use to boot into. */
 static int cmdline_add_memmap(char *cmdline, struct memory_range *memmap_p)
 {
-	int i, cmdlen, len, min_sizek = 100;
+	int i, cmdlen, len;
+	unsigned long min_sizek = 100;
 	char str_mmap[256], str_tmp[20];
 
 	/* Exact map */
diff --git a/kexec/arch/i386/kexec-multiboot-x86.c b/kexec/arch/i386/kexec-multiboot-x86.c
index bb77dbc..2a8a8a8 100644
--- a/kexec/arch/i386/kexec-multiboot-x86.c
+++ b/kexec/arch/i386/kexec-multiboot-x86.c
@@ -154,6 +154,7 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	struct AddrRangeDesc *mmap;
 	int command_line_len;
 	int i;
+	uint32_t u;
 	int opt;
 	int modules, mod_command_line_space;
 #define OPT_CL  		(OPT_ARCH_MAX+0)
@@ -375,8 +376,8 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	/* Relocate offsets in the MBI to absolute addresses */
 	mbi_offset = mbi_base;
 	modp = ((void *)mbi) + mbi->mods_addr;
-	for (i=0; i<mbi->mods_count; i++) {
-		modp[i].cmdline += mbi_offset;
+	for (u = 0; u < mbi->mods_count; u++) {
+		modp[u].cmdline += mbi_offset;
 	}
 	mbi->mods_addr += mbi_offset;
 	mbi->cmdline += mbi_offset;
diff --git a/kexec/arch/ia64/crashdump-ia64.c b/kexec/arch/ia64/crashdump-ia64.c
index d3bb6f7..6b64271 100644
--- a/kexec/arch/ia64/crashdump-ia64.c
+++ b/kexec/arch/ia64/crashdump-ia64.c
@@ -73,7 +73,7 @@ static int seg_comp(const void *a, const void *b)
  */
 static void add_loaded_segments_info(struct mem_ehdr *ehdr)
 {
-	 int i;
+	 unsigned i;
          for(i = 0; i < ehdr->e_phnum; i++) {
                 struct mem_phdr *phdr;
                 phdr = &ehdr->e_phdr[i];
diff --git a/kexec/arch/ia64/kexec-elf-ia64.c b/kexec/arch/ia64/kexec-elf-ia64.c
index 71283c6..f5273b7 100644
--- a/kexec/arch/ia64/kexec-elf-ia64.c
+++ b/kexec/arch/ia64/kexec-elf-ia64.c
@@ -98,7 +98,7 @@ void elf_ia64_usage(void)
  */
 void move_loaded_segments(struct mem_ehdr *ehdr, unsigned long addr)
 {
-	int i;
+	unsigned i;
 	long offset;
 	struct mem_phdr *phdr;
 	for(i = 0; i < ehdr->e_phnum; i++) {
diff --git a/kexec/arch/ia64/kexec-ia64.c b/kexec/arch/ia64/kexec-ia64.c
index 657a6b7..450931c 100644
--- a/kexec/arch/ia64/kexec-ia64.c
+++ b/kexec/arch/ia64/kexec-ia64.c
@@ -101,7 +101,7 @@ int get_memory_ranges(struct memory_range **range, int *ranges,
 	while(fgets(line, sizeof(line), fp) != 0) {
 		unsigned long start, end;
 		char *str;
-		int type;
+		unsigned type;
 		int consumed;
 		int count;
 		if (memory_ranges >= max_memory_ranges)
@@ -219,13 +219,14 @@ int arch_compat_trampoline(struct kexec_info *UNUSED(info))
 int update_loaded_segments(struct mem_ehdr *ehdr)
 {
 	int i;
+	unsigned u;
 	struct mem_phdr *phdr;
 	unsigned long start_addr = ULONG_MAX, end_addr = 0;
 	unsigned long align = 1UL<<26; /* 64M */
 	unsigned long start, end;
 
-	for (i = 0; i < ehdr->e_phnum; i++) {
-		phdr = &ehdr->e_phdr[i];
+	for (u = 0; u < ehdr->e_phnum; u++) {
+		phdr = &ehdr->e_phdr[u];
 		if (phdr->p_type != PT_LOAD)
 			continue;
 		if (phdr->p_paddr < start_addr)
diff --git a/kexec/arch/ppc64/crashdump-ppc64.c b/kexec/arch/ppc64/crashdump-ppc64.c
index 412db8f..0176bc7 100644
--- a/kexec/arch/ppc64/crashdump-ppc64.c
+++ b/kexec/arch/ppc64/crashdump-ppc64.c
@@ -126,7 +126,8 @@ static int get_dyn_reconf_crash_memory_ranges(void)
 	uint64_t start, end;
 	char fname[128], buf[32];
 	FILE *file;
-	int i, n;
+	unsigned int i;
+	int n;
 	uint32_t flags;
 
 	strcpy(fname, "/proc/device-tree/");
@@ -450,7 +451,7 @@ int load_crashdump_segments(struct kexec_info *info, char* mod_cmdline,
 
 void add_usable_mem_rgns(unsigned long long base, unsigned long long size)
 {
-	int i;
+	unsigned int i;
 	unsigned long long end = base + size;
 	unsigned long long ustart, uend;
 
diff --git a/kexec/arch/ppc64/fs2dt.c b/kexec/arch/ppc64/fs2dt.c
index 72c5af2..63d6dfd 100644
--- a/kexec/arch/ppc64/fs2dt.c
+++ b/kexec/arch/ppc64/fs2dt.c
@@ -127,8 +127,9 @@ static void add_dyn_reconf_usable_mem_property(int fd)
 	uint64_t buf[32];
 	uint64_t ranges[2*MAX_MEMORY_RANGES];
 	uint64_t base, end, loc_base, loc_end;
-	int range, rlen = 0, i;
-	int rngs_cnt, tmp_indx;
+	size_t i, rngs_cnt, range;
+	int rlen = 0;
+	int tmp_indx;
 
 	strcpy(fname, pathname);
 	bname = strrchr(fname, '/');
@@ -189,13 +190,15 @@ static void add_dyn_reconf_usable_mem_property(int fd)
 	dt += (rlen + 3)/4;
 }
 
-static void add_usable_mem_property(int fd, int len)
+static void add_usable_mem_property(int fd, size_t len)
 {
 	char fname[MAXPATH], *bname;
 	uint64_t buf[2];
 	uint64_t ranges[2*MAX_MEMORY_RANGES];
 	uint64_t base, end, loc_base, loc_end;
-	int range, rlen = 0;
+	size_t range;
+	int rlen = 0;
+	ssize_t slen;
 
 	strcpy(fname, pathname);
 	bname = strrchr(fname,'/');
@@ -206,12 +209,12 @@ static void add_usable_mem_property(int fd, int len)
 
 	if (len < 2 * sizeof(uint64_t))
 		die("unrecoverable error: not enough data for mem property\n");
-	len = 2 * sizeof(uint64_t);
+	slen = 2 * sizeof(uint64_t);
 
 	if (lseek(fd, 0, SEEK_SET) < 0)
 		die("unrecoverable error: error seeking in \"%s\": %s\n",
 		    pathname, strerror(errno));
-	if (read(fd, buf, len) != len)
+	if (read(fd, buf, slen) != slen)
 		die("unrecoverable error: error reading \"%s\": %s\n",
 		    pathname, strerror(errno));
 
@@ -263,7 +266,9 @@ static void add_usable_mem_property(int fd, int len)
 static void putprops(char *fn, struct dirent **nlist, int numlist)
 {
 	struct dirent *dp;
-	int i = 0, fd, len;
+	int i = 0, fd;
+	size_t len;
+	ssize_t slen;
 	struct stat statbuf;
 
 	for (i = 0; i < numlist; i++) {
@@ -324,9 +329,13 @@ static void putprops(char *fn, struct dirent **nlist, int numlist)
 			die("unrecoverable error: could not open \"%s\": %s\n",
 			    pathname, strerror(errno));
 
-		if (read(fd, dt, len) != len)
+		slen = read(fd, dt, len);
+		if (slen < 0)
 			die("unrecoverable error: could not read \"%s\": %s\n",
 			    pathname, strerror(errno));
+		if ((size_t)slen != len)
+			die("unrecoverable error: short read from\"%s\"\n",
+			    pathname);
 
 		checkprop(fn, dt, len);
 
diff --git a/kexec/arch/ppc64/kexec-elf-ppc64.c b/kexec/arch/ppc64/kexec-elf-ppc64.c
index 65fc42f..2a72482 100644
--- a/kexec/arch/ppc64/kexec-elf-ppc64.c
+++ b/kexec/arch/ppc64/kexec-elf-ppc64.c
@@ -84,7 +84,7 @@ int elf_ppc64_load(int argc, char **argv, const char *buf, off_t len,
 	size_t size;
 	uint64_t *rsvmap_ptr;
 	struct bootblock *bb_ptr;
-	unsigned int i;
+	int i;
 	int result, opt;
 	uint64_t my_kernel, my_dt_offset;
 	unsigned int my_panic_kernel;
diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index ab671fd..44208a0 100644
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -148,7 +148,8 @@ static int get_dyn_reconf_base_ranges(void)
 	uint64_t start, end;
 	char fname[128], buf[32];
 	FILE *file;
-	int i, n;
+	unsigned int i;
+	int n;
 
 	strcpy(fname, "/proc/device-tree/");
 	strcat(fname, "ibm,dynamic-reconfiguration-memory/ibm,lmb-size");
diff --git a/kexec/arch/sh/kexec-zImage-sh.c b/kexec/arch/sh/kexec-zImage-sh.c
index 5001239..c38fd55 100644
--- a/kexec/arch/sh/kexec-zImage-sh.c
+++ b/kexec/arch/sh/kexec-zImage-sh.c
@@ -74,8 +74,8 @@ int zImage_sh_load(int argc, char **argv, const char *buf, off_t len,
 	struct kexec_info *info)
 {
         char *command_line;
-	int opt, k;
-	unsigned long empty_zero, zero_page_base, zero_page_size;
+	int opt;
+	unsigned long empty_zero, zero_page_base, zero_page_size, k;
 	unsigned long image_base;
 	char *param;
 
diff --git a/kexec/arch/x86_64/crashdump-x86_64.c b/kexec/arch/x86_64/crashdump-x86_64.c
index 8e33177..e7fbf5b 100644
--- a/kexec/arch/x86_64/crashdump-x86_64.c
+++ b/kexec/arch/x86_64/crashdump-x86_64.c
@@ -487,7 +487,8 @@ static void ultoa(unsigned long i, char *str)
  * memory regions the new kernel can use to boot into. */
 static int cmdline_add_memmap(char *cmdline, struct memory_range *memmap_p)
 {
-	int i, cmdlen, len, min_sizek = 100;
+	int i, cmdlen, len;
+	unsigned long min_sizek = 100;
 	char str_mmap[256], str_tmp[20];
 
 	/* Exact map */
diff --git a/kexec/kexec-elf-exec.c b/kexec/kexec-elf-exec.c
index 5c89ddb..cb62d04 100644
--- a/kexec/kexec-elf-exec.c
+++ b/kexec/kexec-elf-exec.c
@@ -53,7 +53,7 @@ int elf_exec_load(struct mem_ehdr *ehdr, struct kexec_info *info)
 {
 	unsigned long base;
 	int result;
-	int i;
+	size_t i;
 
 	if (!ehdr->e_phdr) {
 		fprintf(stderr, "No program header?\n");
diff --git a/kexec/kexec-elf.c b/kexec/kexec-elf.c
index c5b9d67..06695aa 100644
--- a/kexec/kexec-elf.c
+++ b/kexec/kexec-elf.c
@@ -369,8 +369,7 @@ static int build_mem_elf64_phdr(const char *buf, struct mem_ehdr *ehdr, int idx)
 static int build_mem_phdrs(const char *buf, off_t len, struct mem_ehdr *ehdr,
 				uint32_t flags)
 {
-	size_t phdr_size, mem_phdr_size;
-	int i;
+	size_t phdr_size, mem_phdr_size, i;
 
 	/* e_phnum is at most 65535 so calculating
 	 * the size of the program header cannot overflow.
@@ -582,8 +581,7 @@ static int build_mem_elf64_shdr(const char *buf, struct mem_ehdr *ehdr, int idx)
 static int build_mem_shdrs(const char *buf, off_t len, struct mem_ehdr *ehdr,
 				uint32_t flags)
 {
-	size_t shdr_size, mem_shdr_size;
-	int i;
+	size_t shdr_size, mem_shdr_size, i;
 
 	/* e_shnum is at most 65536 so calculating
 	 * the size of the section header cannot overflow.
@@ -636,7 +634,7 @@ static int build_mem_shdrs(const char *buf, off_t len, struct mem_ehdr *ehdr,
 			&& (shdr->sh_offset + shdr->sh_size) > len) {
 			/* The section does not fit in the buffer */
 			if (probe_debug) {
-				fprintf(stderr, "ELF section %d not in file\n",
+				fprintf(stderr, "ELF section %zd not in file\n",
 					i);
 			}
 			return -1;
@@ -666,8 +664,7 @@ static void read_nhdr(const struct mem_ehdr *ehdr,
 static int build_mem_notes(struct mem_ehdr *ehdr)
 {
 	const unsigned char *note_start, *note_end, *note;
-	size_t note_size;
-	int i;
+	size_t note_size, i;
 	/* First find the note segment or section */
 	note_start = note_end = NULL;
 	for(i = 0; !note_start && (i < ehdr->e_phnum); i++) {
diff --git a/kexec/lzma.c b/kexec/lzma.c
index 43f9290..2490de6 100644
--- a/kexec/lzma.c
+++ b/kexec/lzma.c
@@ -91,7 +91,7 @@ LZFILE *lzopen(const char *path, const char *mode)
 int lzclose(LZFILE *lzfile)
 {
 	lzma_ret ret;
-	int n;
+	size_t n;
 
 	if (!lzfile)
 		return -1;
diff --git a/purgatory/arch/ia64/purgatory-ia64.c b/purgatory/arch/ia64/purgatory-ia64.c
index acacb56..e138e9c 100644
--- a/purgatory/arch/ia64/purgatory-ia64.c
+++ b/purgatory/arch/ia64/purgatory-ia64.c
@@ -159,7 +159,7 @@ patch_efi_memmap(struct kexec_boot_params *params,
 	uint64_t orig_type;
 	efi_memory_desc_t *src_md, *dst_md;
 	void *src_end = src + boot_param->efi_memmap_size;
-	int i;
+	unsigned long i;
 	for (; src < src_end; src += boot_param->efi_memdesc_size,
 	     dest += boot_param->efi_memdesc_size) {
 		unsigned long mstart, mend;
diff --git a/purgatory/purgatory.c b/purgatory/purgatory.c
index 805e1ea..3827d59 100644
--- a/purgatory/purgatory.c
+++ b/purgatory/purgatory.c
@@ -13,7 +13,7 @@ void verify_sha256_digest(void)
 {
 	struct sha256_region *ptr, *end;
 	sha256_digest_t digest;
-	int i;
+	size_t i;
 	sha256_context ctx;
 	sha256_starts(&ctx);
 	end = &sha256_regions[sizeof(sha256_regions)/sizeof(sha256_regions[0])];