qemu-devel

Re: [Qemu-devel] [PATCH] migration: fix potential overflow in multifd se


From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] [PATCH] migration: fix potential overflow in multifd send
Date: Tue, 24 Jul 2018 16:59:12 +0100
User-agent: Mutt/1.10.0 (2018-05-17)

* Peter Xu (address@hidden) wrote:
> I would guess it won't happen normally, but this should ease Coverity.
> 
> >>>     CID 1394385:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
> >>>     Potentially overflowing expression "pages->used * 8192U" with type 
> >>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, 
> >>> and then used in a context that expects an expression of type "uint64_t" 
> >>> (64 bits, unsigned).
> 854         transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
> 
> Fixes: CID 1394385
> CC: Juan Quintela <address@hidden>
> Signed-off-by: Peter Xu <address@hidden>

Queued

> ---
>  migration/ram.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/migration/ram.c b/migration/ram.c
> index 52dd678092..fdd108475c 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -851,7 +851,7 @@ static void multifd_send_pages(void)
>      p->pages->block = NULL;
>      multifd_send_state->pages = p->pages;
>      p->pages = pages;
> -    transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
> +    transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + 
> p->packet_len;
>      ram_counters.multifd_bytes += transferred;
>      ram_counters.transferred += transferred;;
>      qemu_mutex_unlock(&p->mutex);
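Review bot: the context line just below the change, "ram_counters.transferred += transferred;;", carries a doubled semicolon; since this patch edits the neighbouring line, the stray ";" could be dropped here or in a follow-up. On the added line, the outer parentheses in "((uint64_t) pages->used)" are redundant because a cast binds tighter than "*", so "(uint64_t)pages->used * TARGET_PAGE_SIZE" widens the operand before the multiply in the same way, which is what the Coverity report asks for. The declaration of "transferred" is outside this hunk, so it is worth confirming that it is a 64-bit type; otherwise the widened product is narrowed again on assignment.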
> -- 
> 2.17.1
> 
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK


