Re: [PATCH] block: fix possible int overflow

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] block: fix possible int overflow

From:	Kevin Wolf
Subject:	Re: [PATCH] block: fix possible int overflow
Date:	Wed, 6 Nov 2024 10:53:56 +0100

[ Cc: qemu-block ]

Am 06.11.2024 um 09:04 hat Dmitry Frolov geschrieben:
> The sum "cluster_index + count" may overflow uint32_t.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Dmitry Frolov <frolov@swemel.ru>

Thanks, applied to the block branch.

While trying to check if this can be triggered in practice, I found this
line in parallels_fill_used_bitmap():

    s->used_bmap_size = DIV_ROUND_UP(payload_bytes, s->cluster_size);

s->used_bmap_size is unsigned long, payload_bytes is the int64_t result
of bdrv_getlength() for the image file, which could certainly be made
more than 4 GB * cluster_size. I think we need an overflow check there,
too.

When allocate_clusters() calculates new_usedsize, it doesn't seem to
consider the overflow case either.

Denis, can you take a look?

Kevin

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] block: fix possible int overflow, Dmitry Frolov, 2024/11/06
- Re: [PATCH] block: fix possible int overflow, Kevin Wolf <=
  - Re: [PATCH] block: fix possible int overflow, Denis V. Lunev, 2024/11/06
    - Re: [PATCH] block: fix possible int overflow, Kevin Wolf, 2024/11/06
    - Re: [PATCH] block: fix possible int overflow, Denis V. Lunev, 2024/11/08
  - Re: [PATCH] block: fix possible int overflow, Denis V. Lunev, 2024/11/08

Prev by Date: Re: [PATCH 12/19] hw/net/xilinx_ethlite: Only expect big-endian accesses
Next by Date: Re: [PATCH 0/4] python: update linting for new mypy/pylint releases
Previous by thread: [PATCH] block: fix possible int overflow
Next by thread: Re: [PATCH] block: fix possible int overflow
Index(es):
- Date
- Thread