From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PULL 08/19] nbd: Fix potential signed overflow issues
Date: Wed, 18 Mar 2015 12:24:55 +0100
Message-ID: <1426677906-51657-9-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1426677906-51657-1-git-send-email-pbonzini@redhat.com>
From: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1424887718-10800-11-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
include/block/nbd.h | 4 ++--
qemu-nbd.c | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/block/nbd.h b/include/block/nbd.h
index 2c20138..53726e8 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -54,8 +54,8 @@ struct nbd_reply {
/* Reply types. */
#define NBD_REP_ACK (1) /* Data sending finished. */
#define NBD_REP_SERVER (2) /* Export description. */
-#define NBD_REP_ERR_UNSUP ((1 << 31) | 1) /* Unknown option. */
-#define NBD_REP_ERR_INVALID ((1 << 31) | 3) /* Invalid length. */
+#define NBD_REP_ERR_UNSUP ((UINT32_C(1) << 31) | 1) /* Unknown option. */
+#define NBD_REP_ERR_INVALID ((UINT32_C(1) << 31) | 3) /* Invalid length. */
#define NBD_CMD_MASK_COMMAND 0x0000ffff
#define NBD_CMD_FLAG_FUA (1 << 16)
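Review bot: NBD_REP_ERR_UNSUP and NBD_REP_ERR_INVALID become unsigned 32-bit constants here, while NBD_REP_ACK, NBD_REP_SERVER and NBD_CMD_FLAG_FUA in the same context stay plain int, so the reply-type constants now have mixed signedness. Please confirm that every user stores the reply type in a uint32_t, since a comparison against a signed variable now converts that variable to unsigned. The two new definitions also repeat (UINT32_C(1) << 31); a single named macro for the error bit would keep them in sync and document what bit 31 means. The commit message has no body, so a sentence stating that 1 << 31 overflows a 32-bit signed int would record why the change is needed.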
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 0c9e807..a4a9a0c 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -142,8 +142,9 @@ static void read_partition(uint8_t *p, struct partition_record *r)
r->end_head = p[5];
r->end_cylinder = p[7] | ((p[6] << 2) & 0x300);
r->end_sector = p[6] & 0x3f;
- r->start_sector_abs = p[8] | p[9] << 8 | p[10] << 16 | p[11] << 24;
- r->nb_sectors_abs = p[12] | p[13] << 8 | p[14] << 16 | p[15] << 24;
+
+ r->start_sector_abs = le32_to_cpup((uint32_t *)(p + 8));
+ r->nb_sectors_abs = le32_to_cpup((uint32_t *)(p + 12));
}
static int find_partition(BlockBackend *blk, int partition,
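Review bot: the casts (uint32_t *)(p + 8) and (uint32_t *)(p + 12) in read_partition() turn a uint8_t * into a uint32_t *, and nothing in this hunk guarantees that p is 4-byte aligned, so the result depends on how le32_to_cpup() dereferences its argument. A little-endian load that is safe for unaligned buffers, for example ldl_le_p(p + 8) and ldl_le_p(p + 12), avoids both the alignment and the aliasing question. Alternatively the original shifts can stay if each byte is widened first, as in (uint32_t)p[11] << 24, which removes the shift into the sign bit of the promoted int without any pointer cast.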
--
2.3.0