[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 03/16] block: fix theoretical overflow in bdrv_init_padding()
From: |
Vladimir Sementsov-Ogievskiy |
Subject: |
[PATCH v4 03/16] block: fix theoretical overflow in bdrv_init_padding() |
Date: |
Fri, 11 Dec 2020 21:39:21 +0300 |
Calculation of sum may theoretically overflow, so use 64bit type and
add some good assertions.
Use int64_t constantly.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
block/io.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/block/io.c b/block/io.c
index 21e8a50725..d9bc67f1b0 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1537,8 +1537,12 @@ static bool bdrv_init_padding(BlockDriverState *bs,
int64_t offset, int64_t bytes,
BdrvRequestPadding *pad)
{
- uint64_t align = bs->bl.request_alignment;
- size_t sum;
+ int64_t align = bs->bl.request_alignment;
+ int64_t sum;
+
+ bdrv_check_request(offset, bytes, &error_abort);
+ assert(align <= INT_MAX); /* documented in block/block_int.h */
+ assert(align * 2 <= SIZE_MAX); /* so we can allocate the buffer */
memset(pad, 0, sizeof(*pad));
--
2.25.4
- [PATCH v4 00/16] 64bit block-layer: part I, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 01/16] block: refactor bdrv_check_request: add errp, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 02/16] util/iov: make qemu_iovec_init_extended() honest, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 05/16] block/io: bdrv_pad_request(): support qemu_iovec_init_extended failure, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 04/16] block/io: refactor bdrv_pad_request(): move bdrv_pad_request() up, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 07/16] block/io: improve bdrv_check_request: check qiov too, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 08/16] block: use int64_t as bytes type in tracked requests, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 03/16] block: fix theoretical overflow in bdrv_init_padding(),
Vladimir Sementsov-Ogievskiy <=
- [PATCH v4 06/16] block/throttle-groups: throttle_group_co_io_limits_intercept(): 64bit bytes, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 15/16] block/io: support int64_t bytes in read/write wrappers, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 16/16] block/io: use int64_t bytes in copy_range, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 11/16] block/io: support int64_t bytes in bdrv_aligned_pwritev(), Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 13/16] block/io: support int64_t bytes in bdrv_aligned_preadv(), Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 09/16] block/io: use int64_t bytes in driver wrappers, Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 14/16] block/io: support int64_t bytes in bdrv_co_p{read, write}v_part(), Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 10/16] block/io: support int64_t bytes in bdrv_co_do_pwrite_zeroes(), Vladimir Sementsov-Ogievskiy, 2020/12/11
- [PATCH v4 12/16] block/io: support int64_t bytes in bdrv_co_do_copy_on_readv(), Vladimir Sementsov-Ogievskiy, 2020/12/11
- Re: [PATCH v4 00/16] 64bit block-layer: part I, Vladimir Sementsov-Ogievskiy, 2020/12/14