From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [PULL 2/8] parallels: fix possible int overflow
Date: Thu, 14 Nov 2024 17:56:51 +0100 [thread overview]
Message-ID: <20241114165657.254256-3-kwolf@redhat.com> (raw)
In-Reply-To: <20241114165657.254256-1-kwolf@redhat.com>
From: Dmitry Frolov <frolov@swemel.ru>
The sum "cluster_index + count" may overflow uint32_t.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-ID: <20241106080521.219255-2-frolov@swemel.ru>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/parallels.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/parallels.c b/block/parallels.c
index 9205a0864f..071b6dcaf8 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -184,11 +184,11 @@ static int mark_used(BlockDriverState *bs, unsigned long *bitmap,
BDRVParallelsState *s = bs->opaque;
uint32_t cluster_index = host_cluster_index(s, off);
unsigned long next_used;
- if (cluster_index + count > bitmap_size) {
+ if ((uint64_t)cluster_index + count > bitmap_size) {
return -E2BIG;
}
next_used = find_next_bit(bitmap, bitmap_size, cluster_index);
- if (next_used < cluster_index + count) {
+ if (next_used < (uint64_t)cluster_index + count) {
return -EBUSY;
}
bitmap_set(bitmap, cluster_index, count);
--
2.47.0
next prev parent reply other threads:[~2024-11-14 16:59 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-14 16:56 [PULL 0/8] Block layer patches Kevin Wolf
2024-11-14 16:56 ` [PULL 1/8] migration: Check current_migration in migration_is_running() Kevin Wolf
2024-11-14 16:56 ` Kevin Wolf [this message]
2024-11-14 16:56 ` [PULL 3/8] iotests: reflow ReproducibleTestRunner arguments Kevin Wolf
2024-11-14 16:56 ` [PULL 4/8] iotests: correct resultclass type in ReproducibleTestRunner Kevin Wolf
2024-11-14 16:56 ` [PULL 5/8] python: disable too-many-positional-arguments warning Kevin Wolf
2024-11-14 16:56 ` [PULL 6/8] python: silence pylint raising-non-exception error Kevin Wolf
2024-11-14 16:56 ` [PULL 7/8] qdev-monitor: avoid QemuOpts in QMP device_add Kevin Wolf
2024-11-14 16:56 ` [PULL 8/8] vl: use qmp_device_add() in qemu_create_cli_devices() Kevin Wolf
2024-11-15 20:16 ` [PULL 0/8] Block layer patches Peter Maydell
2024-11-19 11:25 ` Kevin Wolf
2024-11-19 14:41 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241114165657.254256-3-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.