From: Tuguoyi <tu.guoyi@h3c.com>
To: "kwolf@redhat.com" <kwolf@redhat.com>,
"mreitz@redhat.com" <mreitz@redhat.com>,
"qemu-block@nongnu.org" <qemu-block@nongnu.org>
Cc: Chengchiwen <chengchiwen@h3c.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Wangyongqing <w_yongqing@h3c.com>,
Changlimin <changlimin@h3c.com>, Gaoliang <liang_gao@h3c.com>,
Wangyong <wang.yongD@h3c.com>
Subject: [PATCH] qcow2-bitmap: Fix uint64_t left-shift overflow
Date: Sat, 26 Oct 2019 09:19:48 +0000
Message-ID: <9845459389d245fcaca2c017c27be8bc@h3c.com>
In check_constraints_on_bitmap(), the sanity check on the
granularity will cause uint64_t integer left-shift overflow
when cluster_size is 2M and the granularity is bigger than
32K which is even smaller than the default value for a qcow2
disk with cluster_size set to 64k or bigger. This patch fixes
the issue by right-shifting @len instead.
Signed-off-by: Guoyi Tu <tu.guoyi@h3c.com>
---
block/qcow2-bitmap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index 98294a7..2a1d789 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -172,8 +172,8 @@ static int check_constraints_on_bitmap(BlockDriverState *bs,
}
if ((len > (uint64_t)BME_MAX_PHYS_SIZE << granularity_bits) ||
- (len > (uint64_t)BME_MAX_TABLE_SIZE * s->cluster_size <<
- granularity_bits))
+ ((len >> granularity_bits) > (uint64_t)BME_MAX_TABLE_SIZE *
+ s->cluster_size))
{
error_setg(errp, "Too much space will be occupied by the bitmap. "
"Use larger granularity");
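Review bot: the new comparison on the `+` lines, `(len >> granularity_bits) > (uint64_t)BME_MAX_TABLE_SIZE * s->cluster_size`, discards the low `granularity_bits` bits of `len`, so a `len` that exceeds the limit by less than one granularity unit now passes where the unwrapped left-shift form would have rejected it. Rounding the shifted length up before comparing keeps the original bound without the overflow. The unchanged first comparison, `(uint64_t)BME_MAX_PHYS_SIZE << granularity_bits`, still uses the left-shift form; its constant and the maximum value of `granularity_bits` are not visible in this hunk, so either convert it the same way or add a comment stating why it cannot wrap.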
--
2.7.4
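The overflow the commit message describes, as an added C example that is not part of the patch or of QEMU's code: it compares the left-shift check, the right-shift check and a round-up variant on the reported 2M cluster size. The value of `BME_MAX_TABLE_SIZE`, the function names and the 1 TiB length are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value; the constant's definition is not shown in the patch. */
#define BME_MAX_TABLE_SIZE 0x8000000ULL

/* All helpers assume bits < 64, as a shift by 64 or more is undefined. */

/* Pre-patch form: the limit is shifted left and can wrap past 2^64. */
static bool too_big_shift_left(uint64_t len, uint64_t cluster_size, unsigned bits)
{
    return len > ((BME_MAX_TABLE_SIZE * cluster_size) << bits);
}

/* Patched form: len is shifted right, so no intermediate value can wrap. */
static bool too_big_shift_right(uint64_t len, uint64_t cluster_size, unsigned bits)
{
    return (len >> bits) > BME_MAX_TABLE_SIZE * cluster_size;
}

/* Variant: round the shifted length up, equal to the unwrapped old bound. */
static bool too_big_round_up(uint64_t len, uint64_t cluster_size, unsigned bits)
{
    uint64_t units = (len >> bits) + ((len & ((1ULL << bits) - 1)) != 0);
    return units > BME_MAX_TABLE_SIZE * cluster_size;
}

/* True when limit << bits would drop high bits in 64-bit arithmetic. */
static bool shift_wraps(uint64_t limit, unsigned bits)
{
    return bits != 0 && (limit >> (64 - bits)) != 0;
}

int main(void)
{
    const uint64_t cluster = 2ULL << 20;   /* 2M clusters, as in the report */
    const uint64_t len = 1ULL << 40;       /* constructed 1 TiB image length */

    for (unsigned bits = 15; bits <= 17; bits++) {
        printf("granularity 2^%u: wraps=%d left=%d right=%d round_up=%d\n",
               bits, shift_wraps(BME_MAX_TABLE_SIZE * cluster, bits),
               too_big_shift_left(len, cluster, bits),
               too_big_shift_right(len, cluster, bits),
               too_big_round_up(len, cluster, bits));
    }
    return 0;
}
```

With these assumed values the limit wraps to zero from a granularity of 64K upward, so the left-shift form rejects every non-empty image as too large.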