[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 2/3] block: Limit size to INT_MAX in bdrv_check_byte
|
From: |
Kevin Wolf |
|
Subject: |
[Qemu-devel] [PATCH 2/3] block: Limit size to INT_MAX in bdrv_check_byte_request() |
|
Date: |
Wed, 16 Apr 2014 15:08:29 +0200 |
Commit 8f4754ed intended to protect against integer overflow bugs in
block drivers by making sure that a single request that is passed to
drivers is no longer than INT_MAX bytes.
However, meanwhile there are some callers that don't use that code path
any more but call bdrv_check_byte_request() directy, so let's add a
check there as well.
Signed-off-by: Kevin Wolf <address@hidden>
---
block.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block.c b/block.c
index 8be40bb..bcf9dc9 100644
--- a/block.c
+++ b/block.c
@@ -2589,6 +2589,10 @@ static int bdrv_check_byte_request(BlockDriverState *bs,
int64_t offset,
{
int64_t len;
+ if (size > INT_MAX) {
+ return -EIO;
+ }
+
if (!bdrv_is_inserted(bs))
return -ENOMEDIUM;
--
1.8.3.1