From: Stefan Hajnoczi
Date: Mon, 5 May 2014 14:22:00 +0200
Message-ID: <20140505122200.GF16173@stefanha-thinkpad.redhat.com>
In-Reply-To: <1399174300-27583-1-git-send-email-mreitz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] qcow2: Fix alloc_clusters_noref() overflow detection
To: Max Reitz
Cc: Kevin Wolf, qemu-devel@nongnu.org, Stefan Hajnoczi

On Sun, May 04, 2014 at 05:31:40AM +0200, Max Reitz wrote:
> If the very first allocation has a length of 0, the free_cluster_index
> is still 0 after the for loop, which means that subtracting one from it
> will underflow and signal an invalid range of clusters by returning
> -EFBIG. However, there is no such range, as its length is 0.
>
> Fix this by preventing underflows on free_cluster_index during the
> check.
>
> Signed-off-by: Max Reitz
> ---
>  block/qcow2-refcount.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan
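The zero-length first allocation described in the quoted commit message, as an added illustration in C that is not QEMU's code: it models the representability check on free_cluster_index with and without the guard the patch describes (model_state, check_range and model_alloc are assumed names and a simplified shape; the diff itself is not on this page).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed minimal stand-in for the qcow2 state the allocator consults. */
typedef struct {
    uint64_t free_cluster_index; /* next cluster the allocator hands out */
    int cluster_bits;            /* log2 of the cluster size */
} model_state;

/* Checks that every offset in the allocated range fits an int64_t.
 * "guarded" selects the behaviour the commit message describes: do not
 * subtract one from a free_cluster_index that is still 0.
 * Returns 0 when the range is representable, -EFBIG otherwise. */
static int check_range(const model_state *s, int guarded)
{
    uint64_t max_index = INT64_MAX >> s->cluster_bits;
    if (guarded && s->free_cluster_index == 0) {
        return 0;                 /* nothing allocated yet, nothing to check */
    }
    /* unguarded with free_cluster_index == 0: 0 - 1 wraps to UINT64_MAX,
     * which exceeds max_index and wrongly reports -EFBIG */
    if (s->free_cluster_index - 1 > max_index) {
        return -EFBIG;
    }
    return 0;
}

/* Simplified allocation: all nb_clusters are assumed free, so only advance
 * the index, run the check, and return the byte offset of the range
 * (or -EFBIG, with the index rolled back). */
int64_t model_alloc(model_state *s, uint64_t nb_clusters, int guarded)
{
    s->free_cluster_index += nb_clusters;
    int ret = check_range(s, guarded);
    if (ret < 0) {
        s->free_cluster_index -= nb_clusters;
        return ret;
    }
    return (int64_t)((s->free_cluster_index - nb_clusters) << s->cluster_bits);
}

int main(void)
{
    model_state s = { .free_cluster_index = 0, .cluster_bits = 16 };
    printf("unguarded, zero-length first alloc: %lld\n",
           (long long)model_alloc(&s, 0, 0));   /* -EFBIG */
    printf("guarded, zero-length first alloc:   %lld\n",
           (long long)model_alloc(&s, 0, 1));   /* 0 */
    return 0;
}
```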