From 2b4a870a7f579b674f3c556220731652fd4fd8e8 Mon Sep 17 00:00:00 2001 From: Augustin Cavalier Date: Wed, 8 Dec 2021 12:26:30 -0500 Subject: [PATCH] packagefs: Prevent signed integer overflow in Query::IndexGetWeightedScore. As the comment already noted, the maximum input score is 2048, and 2048*1024*1024 overflows int32. Subtract 1 from maxFactor to prevent this. --- .../kernel/file_systems/packagefs/indices/Query.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/add-ons/kernel/file_systems/packagefs/indices/Query.cpp b/src/add-ons/kernel/file_systems/packagefs/indices/Query.cpp index b92c1ea230..b8c777959c 100644 --- a/src/add-ons/kernel/file_systems/packagefs/indices/Query.cpp +++ b/src/add-ons/kernel/file_systems/packagefs/indices/Query.cpp @@ -97,10 +97,9 @@ struct Query::QueryPolicy { { // should be inversely proportional to the index size; max input score // is 2048 - static const int32 maxFactor = 1024 * 1024; - return score * (maxFactor - / std::min(maxFactor, - std::max((int32)1, index.index->CountEntries()))); + static const int32 maxFactor = (1024 * 1024) - 1; + return score * (maxFactor / + std::min(maxFactor, std::max((int32)1, index.index->CountEntries()))); } static type_code IndexGetType(Index& index)