]> git.proxmox.com Git - mirror_qemu.git/commitdiff
projects / mirror_qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b062ad8)
block: Detect multiplication overflow in bdrv_getlength
authorFam Zheng <famz@redhat.com>
Fri, 15 May 2015 08:36:05 +0000 (16:36 +0800)
committerKevin Wolf <kwolf@redhat.com>
Fri, 22 May 2015 15:08:01 +0000 (17:08 +0200)
Bogus image may have a large total_sectors that will overflow the
multiplication. For cleanness, fix the return code so the error message
will be meaningful.

Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
block.c patch | blob | blame | history

diff --git a/block.c b/block.c
index 325f7272fec5c10bfed9eb67d4546206b77e388f..f42d70e791c7aba191d6612cb5f2abbf4cdc4fc9 100644 (file)
--- a/block.c
+++ b/block.c
@@ -2341,6 +2341,7 @@ int64_t bdrv_getlength(BlockDriverState *bs)
 {
     int64_t ret = bdrv_nb_sectors(bs);
 
+    ret = ret > INT64_MAX / BDRV_SECTOR_SIZE ? -EFBIG : ret;
     return ret < 0 ? ret : ret * BDRV_SECTOR_SIZE;
 }
 
QEMU mirror