qemu-devel

From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH 08/21] qcow2: More helpers for refcount modification
Date: Tue, 11 Nov 2014 09:42:03 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

On 2014-11-11 at 01:29, Eric Blake wrote:
On 11/10/2014 06:45 AM, Max Reitz wrote:
Add helper functions for getting and setting refcounts in a refcount
array for any possible refcount order, and choose the correct one during
refcount initialization.

Signed-off-by: Max Reitz <address@hidden>
---
  block/qcow2-refcount.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++-
  1 file changed, 141 insertions(+), 2 deletions(-)

+
+static uint64_t get_refcount_ro6(const void *refcount_array, uint64_t index)
+{
+    return be64_to_cpu(((const uint64_t *)refcount_array)[index]);
+}
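
Review bot: the [index] access in get_refcount_ro6() is unchecked and the helper takes no array length, and the value from be64_to_cpu() is returned as a full uint64_t, so both the bounds of index and the range of the result are left to the caller. Because the function has no error return, a comment above it should state both obligations: refcount_array must hold at least index + 1 entries, and a result above INT64_MAX is possible and has to be rejected by the caller that reads it.
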
Should this return int64_t and error out if the user ever exceeded 2**63
via image fuzzing?

I don't know. It's nice that these helper functions cannot return an error and thus we don't have to check for an error. I think checking that the value didn't overflow in qcow2_get_refcount() should be sufficient and relieves the other callers (mainly the image check for its in-memory refcount table/array) which know that the value cannot overflow from error checking.

Although I did forget an overflow check after the call to get_refcount() in update_refcount_discard().

+
+static void set_refcount_ro6(void *refcount_array, uint64_t index,
+                             uint64_t value)
+{
+    ((uint64_t *)refcount_array)[index] = cpu_to_be64(value);
+}
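
Review bot: set_refcount_ro6() passes value to cpu_to_be64() and stores it with no range check, so a caller bug can write an entry above INT64_MAX, the cap mentioned in this thread, and the read side would then have to treat its own output as corruption. Add assert(value <= INT64_MAX); as the first statement of the function so the invariant is enforced where the entry is written.
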
Should this assert that value <= INT64_MAX, since that's what the rest
of the code caps it to?

Yes, that it should most certainly do.

Max
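
The split discussed in this message (raw accessors that cannot fail, one range check where the value is read, an assertion on the setter), as an added example that is not code from the patch or from QEMU. The names load_be64, store_be64, set_refcount_checked, get_refcount_checked and sample_table are hypothetical, and the byte-wise loads stand in for be64_to_cpu()/cpu_to_be64().

```c
#include <assert.h>
#include <errno.h>
#include <stdint.h>

/* Constructed sample: entry 0 holds 3, entry 1 is a fuzzed all-ones value. */
static const uint8_t sample_table[16] = {
    0, 0, 0, 0, 0, 0, 0, 3,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

/* Raw big-endian accessors: like the helpers in the patch, they cannot fail. */
static uint64_t load_be64(const void *array, uint64_t index)
{
    const uint8_t *p = (const uint8_t *)array + index * 8;
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

static void store_be64(void *array, uint64_t index, uint64_t value)
{
    uint8_t *p = (uint8_t *)array + index * 8;
    for (int i = 7; i >= 0; i--) {
        p[i] = (uint8_t)(value & 0xff);
        value >>= 8;
    }
}

/* Hypothetical setter: the write path can never store more than INT64_MAX. */
static void set_refcount_checked(void *array, uint64_t index, uint64_t value)
{
    assert(value <= (uint64_t)INT64_MAX);
    store_be64(array, index, value);
}

/* Hypothetical boundary check: the caller that handles untrusted image data
 * validates the index and the value range, so the raw load stays infallible. */
static int get_refcount_checked(const void *array, uint64_t nb_entries,
                                uint64_t index, uint64_t *refcount)
{
    if (index >= nb_entries) {
        return -EINVAL;
    }
    uint64_t raw = load_be64(array, index);
    if (raw > (uint64_t)INT64_MAX) {
        return -EIO; /* corrupted or fuzzed entry */
    }
    *refcount = raw;
    return 0;
}
```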


