system: Fix possible integer overflows

This multiplication was done on 32 bit integers before, explicitly cast
them to 64 bit values before to make sure the multiplication is done on
64 bit numbers.

Coverity: #1412417, #1412410, #1412409, #1412411, #1412424, #1412407
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/system.c b/system.c
index 4068e649168443183f9c21e644ea516cb4fa12f6..751a0169e079a6186b75cd053a4b0cefc0cff29c 100644 (file)
--- a/system.c
+++ b/system.c
@@ -254,15 +254,21 @@ static int system_info(struct ubus_context *ctx, struct ubus_object *obj,
        blobmsg_close_array(&b, c);
 
        c = blobmsg_open_table(&b, "memory");
-       blobmsg_add_u64(&b, "total",    info.mem_unit * info.totalram);
-       blobmsg_add_u64(&b, "free",     info.mem_unit * info.freeram);
-       blobmsg_add_u64(&b, "shared",   info.mem_unit * info.sharedram);
-       blobmsg_add_u64(&b, "buffered", info.mem_unit * info.bufferram);
+       blobmsg_add_u64(&b, "total",
+                       (uint64_t)info.mem_unit * (uint64_t)info.totalram);
+       blobmsg_add_u64(&b, "free",
+                       (uint64_t)info.mem_unit * (uint64_t)info.freeram);
+       blobmsg_add_u64(&b, "shared",
+                       (uint64_t)info.mem_unit * (uint64_t)info.sharedram);
+       blobmsg_add_u64(&b, "buffered",
+                       (uint64_t)info.mem_unit * (uint64_t)info.bufferram);
        blobmsg_close_table(&b, c);
 
        c = blobmsg_open_table(&b, "swap");
-       blobmsg_add_u64(&b, "total",    info.mem_unit * info.totalswap);
-       blobmsg_add_u64(&b, "free",     info.mem_unit * info.freeswap);
+       blobmsg_add_u64(&b, "total",
+                       (uint64_t)info.mem_unit * (uint64_t)info.totalswap);
+       blobmsg_add_u64(&b, "free",
+                       (uint64_t)info.mem_unit * (uint64_t)info.freeswap);
        blobmsg_close_table(&b, c);
 #endif