migration: fix-possible-int-overflow
stat64_add() takes uint64_t as 2nd argument, but both "p->next_packet_size" and "p->packet_len" are uint32_t. Thus, their sum may overflow uint32_t. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Frolov <frolov@swemel.ru> Link: https://lore.kernel.org/r/20241113140509.325732-2-frolov@swemel.ru Signed-off-by: Peter Xu <peterx@redhat.com>
parent
4daff81efb
commit
0926c002c7
@ -623,7 +623,7 @@ static void *multifd_send_thread(void *opaque)
|
||||
}
|
||||
|
||||
stat64_add(&mig_stats.multifd_bytes,
|
||||
p->next_packet_size + p->packet_len);
|
||||
(uint64_t)p->next_packet_size + p->packet_len);
|
||||
|
||||
p->next_packet_size = 0;
|
||||
multifd_set_payload_type(p->data, MULTIFD_PAYLOAD_NONE);
|
||||
|
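Review bot: The cast in the second argument of `stat64_add()` carries no comment, and because that parameter is already `uint64_t` it reads as redundant and could be dropped in a later cleanup. Per the commit description both `p->next_packet_size` and `p->packet_len` are `uint32_t`, so without the cast the sum is computed in 32 bits and can wrap before it is widened; casting one operand is sufficient, since the other is then converted as well. I would add `/* both fields are uint32_t: widen before adding so the sum cannot wrap */` above the call. `multifd_send_thread` begins and ends outside this hunk, so any other place that adds these two fields is not visible here.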