mirrors/qemu
0
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2024-11-28 22:33:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

qcow2: Prevent numerical overflow

Browse Source 
In qcow2_alloc_cluster_offset(), *num is limited to
INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is
of type uint64_t, we might as well cast *num to that type before
performing the shift.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Max Reitz 2014-12-02 18:32:50 +01:00 committed by Kevin Wolf
parent 2247798d13
commit 11c89769dc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
block/qcow2-cluster.c
View File

@ -1263,7 +1263,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
again: again:
start = offset; start = offset;
remaining = *num << BDRV_SECTOR_BITS; remaining = (uint64_t)*num << BDRV_SECTOR_BITS;
cluster_offset = 0; cluster_offset = 0;
*host_offset = 0; *host_offset = 0;
cur_bytes = 0; cur_bytes = 0;