On Fri, Feb 27, 2026 at 10:58:10PM -0800, Eric Biggers wrote:
> On Thu, Feb 26, 2026 at 07:10:36AM -0800, Christoph Hellwig wrote:
> > +#define __DO_XOR_BLOCKS(_name, _handle1, _handle2, _handle3, _handle4)
> > \
> > +void \
> > +xor_gen_##_name(void *dest, void **srcs, unsigned int src_cnt,
> > \
> > + unsigned int bytes) \
> > +{ \
> > + unsigned int src_off = 0; \
> > + \
> > + while (src_cnt > 0) { \
> > + unsigned int this_cnt = min(src_cnt, 4); \
> > + unsigned long *p1 = (unsigned long *)srcs[src_off]; \
> > + unsigned long *p2 = (unsigned long *)srcs[src_off + 1]; \
> > + unsigned long *p3 = (unsigned long *)srcs[src_off + 2]; \
> > + unsigned long *p4 = (unsigned long *)srcs[src_off + 3]; \
>
> This reads out of bounds if src_cnt isn't a multiple of 4.
Assuming the compiler doesn't do the obvious optimization and
drop it, but yes, should be easy enough to avoid this.
