Re: [Qemu-devel] [PATCH 3/3] block: Catch integer overflow in bdrv_rw_co()

[Max Reitz]

On 16.04.2014 15:08, Kevin Wolf wrote:
> Insanely large requests could cause an integer overflow in
> bdrv_rw_co() while converting sectors to bytes. This patch catches the
> problem and returns an error (if we hadn't overflown the integer here,
> bdrv_check_byte_request() would have rejected the request, so we're not
> breaking anything that was supposed to work before).
>
> We actually do have a test case that triggers behaviour where we
> accidentally let such a request pass, so that it would return success,
> but read 0 bytes instead of the requested 4 GB. It fails now like it
> should.
>
> If the vdi block driver wants to be able to deal with huge images, it
> can't read the whole block bitmap at once into memory like it does
> today, but needs to use a metadata cache like qcow2 does.
>
> Signed-off-by: Kevin Wolf <address@hidden>
> ---
>   block.c                    | 4 ++++
>   tests/qemu-iotests/084.out | 5 +----
>   2 files changed, 5 insertions(+), 4 deletions(-)

Maybe we should add some comment to test 084, as I can easily understand 
someone getting confused as why such a test now catching something 
practically unrelated to VDI there. Or we should just leave the output 
as it is, making the test deliberately fail.

The fix itself is correct, though. Requests exceeding INT_MAX bytes 
aren't supported in other places as well (right now, discards come to my 
mind), so it should be fine to reject them here as well.

Max