From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43684)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <famz@redhat.com>) id 1YtB6U-0000f5-4g
	for qemu-devel@nongnu.org; Fri, 15 May 2015 04:36:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <famz@redhat.com>) id 1YtB6T-0001FR-EZ
	for qemu-devel@nongnu.org; Fri, 15 May 2015 04:36:22 -0400
From: Fam Zheng <famz@redhat.com>
Date: Fri, 15 May 2015 16:36:05 +0800
Message-Id: <1431678966-16470-2-git-send-email-famz@redhat.com>
In-Reply-To: <1431678966-16470-1-git-send-email-famz@redhat.com>
References: <1431678966-16470-1-git-send-email-famz@redhat.com>
Subject: [Qemu-devel] [PATCH v2 1/2] block: Detect multiplication overflow
	in bdrv_getlength
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, berto@igalia.com, armbru@redhat.com, qemu-block@nongnu.org

Bogus image may have a large total_sectors that will overflow the
multiplication. For cleanness, fix the return code so the error message
will be meaningful.

Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
---
 block.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block.c b/block.c
index 7904098..5d271a1 100644
--- a/block.c
+++ b/block.c
@@ -2330,6 +2330,7 @@ int64_t bdrv_getlength(BlockDriverState *bs)
 {
     int64_t ret = bdrv_nb_sectors(bs);
 
+    ret = ret > INT64_MAX / BDRV_SECTOR_SIZE ? -EFBIG : ret;
     return ret < 0 ? ret : ret * BDRV_SECTOR_SIZE;
 }
 
-- 
2.4.0