Re: [Qemu-devel] [PATCH v1 2/3] qcow2: fix offset overflow
From: Hu Tao
Date: Mon, 6 Jan 2014 16:35:58 +0800
User-agent: Mutt/1.5.21 (2010-09-15)
On Mon, Dec 30, 2013 at 01:29:08PM +0800, Hu Tao wrote:
> When cluster size is big enough it can lead offset overflow
> in qcow2_alloc_clusters_at(). This patch fixes it.
Ping, and to be more descriptive:
The allocation each time is stopped at the L2 table boundary (see handle_alloc()),
so the possible maximum bytes could be
2^(cluster_bits - 3 + cluster_bits)
so int is safe for cluster_bits <= 17, unsafe otherwise.
>
> Signed-off-by: Hu Tao <address@hidden>
> ---
> block/qcow2-refcount.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index c974abe..b3ebb7f 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -676,7 +676,12 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs,
> uint64_t offset,
> BDRVQcowState *s = bs->opaque;
> uint64_t cluster_index;
> uint64_t old_free_cluster_index;
> - int i, refcount, ret;
> + uint64_t i;
> + int refcount, ret;
> +
> + if (nb_clusters <= 0) {
> + return 0;
> + }
>
> /* Check how many clusters there are free */
> cluster_index = offset >> s->cluster_bits;
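Review bot: the new `if (nb_clusters <= 0) { return 0; }` guard is a behaviour change that the commit message ("fix offset overflow") does not describe; please say in the commit message, or in a comment above the guard, why it is needed. The reason, as far as this hunk shows, is the type change of `i` from `int` to `uint64_t`: once `i` is unsigned, every comparison of `i` against a signed `nb_clusters` converts a negative count to a huge unsigned value, so the guard is what keeps a negative `nb_clusters` from being treated as an enormous request. A negative `nb_clusters` is a caller bug rather than a normal input, so `assert(nb_clusters >= 0)` or an error return would document that better than silently returning 0, which callers cannot distinguish from "nothing was free at that offset". Also worth a note in the message: the function still returns `int` (see the `@@` header), so wherever the now-`uint64_t` `i` is handed back it narrows again; that is only safe because `i` never exceeds `nb_clusters`.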
> --
> 1.7.11.7
>
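The arithmetic behind the explanation above, as an added worked example in C that is not part of the patch or of QEMU's own code: for each qcow2 cluster size it computes how many clusters one L2 table covers (one cluster of 8-byte entries, so 2^(cluster_bits - 3)), the byte count that a single allocation bounded by that table can reach (2^(cluster_bits - 3 + cluster_bits)), whether that byte count still fits in a C `int`, and what the pre-patch `int i; i << cluster_bits` would have produced if the shift wraps at 32 bits next to what the post-patch 64-bit shift produces. The helper names are assumptions of this example; the `cluster_bits` range 9..21 is qcow2's supported range of 512-byte to 2 MiB clusters.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for this example; names are not from QEMU. */

/* Entries in one L2 table: a cluster of 8-byte entries, 2^(cluster_bits - 3). */
static uint64_t l2_entries(unsigned cluster_bits)
{
    return UINT64_C(1) << (cluster_bits - 3);
}

/* Largest byte count one L2-table-bounded allocation can produce:
 * entries * cluster_size = 2^(cluster_bits - 3 + cluster_bits). */
static uint64_t max_alloc_bytes(unsigned cluster_bits)
{
    return l2_entries(cluster_bits) << cluster_bits;
}

/* Does the worst-case `nb_clusters << cluster_bits` still fit in an int? */
static int int_shift_is_safe(unsigned cluster_bits)
{
    return max_alloc_bytes(cluster_bits) <= (uint64_t)INT_MAX;
}

/* Model of the pre-patch shift on a 32-bit `int i`: the product truncated to
 * its low 32 bits. Signed overflow is undefined in C, so this is an emulation
 * of what a 32-bit register shift yields in practice, not guaranteed behaviour. */
static uint32_t wrapped_shift32(uint64_t nb_clusters, unsigned cluster_bits)
{
    return (uint32_t)((nb_clusters << cluster_bits) & UINT64_C(0xffffffff));
}

/* The post-patch shift: `uint64_t i`, so the full product survives. */
static uint64_t shift64(uint64_t nb_clusters, unsigned cluster_bits)
{
    return nb_clusters << cluster_bits;
}

int main(void)
{
    /* qcow2 supports cluster sizes from 512 bytes (9 bits) to 2 MiB (21 bits). */
    for (unsigned cb = 9; cb <= 21; cb++) {
        uint64_t n = l2_entries(cb);
        printf("cluster_bits=%2u entries=%7" PRIu64 " max_bytes=%13" PRIu64
               " fits_int=%d wrapped32=%10" PRIu32 " shift64=%13" PRIu64 "\n",
               cb, n, max_alloc_bytes(cb), int_shift_is_safe(cb),
               wrapped_shift32(n, cb), shift64(n, cb));
    }
    return 0;
}
```

Run it and compare the `wrapped32` and `shift64` columns: where `fits_int` is 0, the 32-bit model hands a truncated (often zero) length to the refcount update while the 64-bit shift keeps the real allocation size, which is the failure the patch removes by widening `i`.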