From: Eric Blake
Date: Fri, 29 Aug 2014 13:50:33 -0600
Message-ID: <5400D989.9070801@redhat.com>
In-Reply-To: <1409170706-24465-6-git-send-email-mreitz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 05/10] qcow2: Fix refcount blocks beyond image end
To: Max Reitz, qemu-devel@nongnu.org
Cc: Kevin Wolf, Stefan Hajnoczi, Benoît Canet

On 08/27/2014 02:18 PM, Max Reitz wrote:
> If the qcow2 check function detects a refcount block located beyond the
> image end, grow the image appropriately. This cannot break anything and
> is the logical fix for such a case.
>
> Signed-off-by: Max Reitz
> ---
>  block/qcow2-refcount.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 58 insertions(+), 4 deletions(-)
>
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index babe6cb..394a402 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -1505,7 +1505,8 @@ static int check_refblocks(BlockDriverState *bs, BdrvCheckResult *res,
>                            int64_t *nb_clusters)
>  {
>      BDRVQcowState *s = bs->opaque;
> -    int64_t i;
> +    int64_t i, size;
> +    int ret;
>
>      for(i = 0; i < s->refcount_table_size; i++) {

Is it worth fixing up the whitespace on this 'for' at any point in the
series?

> +        if (fix & BDRV_FIX_ERRORS) {
> +            int64_t old_nb_clusters = *nb_clusters;
> +
> +            if (offset + s->cluster_size < offset ||
> +                offset + s->cluster_size > INT64_MAX)

[1]

> +
> +            *refcount_table = g_try_realloc(*refcount_table,
> +                                            *nb_clusters * sizeof(uint16_t));

I was about to complain that this multiply could overflow if *nb_clusters
is more than 2**62 bits, until I double checked that due to the limit
checking at [1], we know *nb_clusters is narrower.

Reviewed-by: Eric Blake

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
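Review bot: the wraparound test at [1], `offset + s->cluster_size < offset || offset + s->cluster_size > INT64_MAX`, only works if the addition is evaluated in unsigned arithmetic; with a signed `int64_t` offset the overflow it relies on is undefined behaviour in C, the second comparison can never be true, and a compiler is free to optimise both conditions away. Compare before adding instead, e.g. `if (offset > INT64_MAX - s->cluster_size)`. In the same hunk, assigning the `g_try_realloc()` result directly to `*refcount_table` discards the old pointer when the allocation fails; keep the result in a temporary, check it for NULL, and only then overwrite `*refcount_table`.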
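As an added example, not part of this patch or of QEMU, the overflow-safe shape of the bound check at [1] and of the table growth that the multiply comment above concerns, in C; the function names, the explicit size_t guard and the constructed scenario in `demo()` are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Added example, not QEMU code: an overflow-safe form of the bound check at
 * [1] and of the refcount-table growth that follows it. Names are assumed. */

/* True if [offset, offset + cluster_size) fits in int64_t. Subtracting on
 * the constant side avoids the signed overflow that "a + b < a" relies on. */
bool refblock_end_ok(int64_t offset, int cluster_size)
{
    return offset >= 0 && cluster_size > 0 &&
           offset <= INT64_MAX - cluster_size;
}

/* Grow a uint16_t refcount table to new_nb entries, zero-filling the tail.
 * The byte count is guarded against size_t wraparound explicitly instead of
 * relying on the bound [1] implies, and the realloc result is kept in a
 * temporary so an allocation failure does not lose the old *table. */
int grow_table(uint16_t **table, int64_t *nb_clusters, int64_t new_nb)
{
    if (new_nb <= *nb_clusters) return 0;                      /* nothing to do */
    if ((uint64_t)new_nb > SIZE_MAX / sizeof(uint16_t)) return -1; /* would wrap */
    uint16_t *t = realloc(*table, (size_t)new_nb * sizeof(uint16_t));
    if (t == NULL) return -1;                                  /* *table still valid */
    for (int64_t i = *nb_clusters; i < new_nb; i++) t[i] = 0;  /* new tail */
    *table = t;
    *nb_clusters = new_nb;
    return 0;
}

/* Constructed scenario: a refblock at 5 MiB, 64 KiB clusters, and a table
 * that so far covers 16 clusters. Returns the table size after the fix, or
 * -1 on failure. 5 MiB / 64 KiB = 80, so the table must cover 81 clusters. */
int64_t demo(void)
{
    const int cluster_size = 65536;
    const int64_t offset = 5 * 1024 * 1024;
    int64_t nb = 16;
    uint16_t *table = calloc((size_t)nb, sizeof(uint16_t));
    if (table == NULL || !refblock_end_ok(offset, cluster_size)) {
        free(table);
        return -1;
    }
    int ret = grow_table(&table, &nb, offset / cluster_size + 1);
    int64_t result = (ret == 0 && table[nb - 1] == 0) ? nb : -1;
    free(table);
    return result;
}
```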