From: Max Reitz <mreitz@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Peter Lieven <pl@kamp.de>,
qemu-stable@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PATCH 09/12] qcow2: Prevent numerical overflow
Date: Tue, 25 Nov 2014 15:08:02 +0100
Message-ID: <1416924485-13304-10-git-send-email-mreitz@redhat.com>
In-Reply-To: <1416924485-13304-1-git-send-email-mreitz@redhat.com>
In qcow2_alloc_cluster_offset(), *num is limited to
INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is
of type uint64_t, we might as well cast *num to that type before
performing the shift.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
block/qcow2-cluster.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index df0b2c9..1fea514 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1263,7 +1263,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
again:
start = offset;
- remaining = *num << BDRV_SECTOR_BITS;
+ remaining = (uint64_t)*num << BDRV_SECTOR_BITS;
cluster_offset = 0;
*host_offset = 0;
cur_bytes = 0;
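Review bot: on the changed line `remaining = (uint64_t)*num << BDRV_SECTOR_BITS;`, the bound that makes the shift safe (the commit message says all callers limit *num to INT_MAX >> BDRV_SECTOR_BITS) is still only assumed inside the function, not checked. The cast ensures the shift is carried out in 64 bits, but if *num is a signed type a negative value would convert to a very large uint64_t and yield a huge `remaining` rather than an error. Consider asserting the caller contract before the `again:` label, for example that *num is non-negative and no larger than INT_MAX >> BDRV_SECTOR_BITS, or adding a short comment next to the cast that names the invariant, so that a future caller breaking it is caught here instead of in the allocation loop that follows.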
--
1.9.3