[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/2] block: Detect multiplication overflow in bd
|
From: |
Fam Zheng |
|
Subject: |
Re: [Qemu-devel] [PATCH 1/2] block: Detect multiplication overflow in bdrv_getlength |
|
Date: |
Fri, 15 May 2015 16:34:59 +0800 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Fri, 05/15 10:10, Markus Armbruster wrote:
> Fam Zheng <address@hidden> writes:
>
> > Bogus image may have a large total_sectors that will overflow the
> > multiplication. For cleanness, fix the return code so the error message
> > will be meaningful.
> >
> > Reported-by: Richard W.M. Jones <address@hidden>
> > Signed-off-by: Fam Zheng <address@hidden>
> > ---
> > block.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/block.c b/block.c
> > index 7904098..5ee3fdf 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -2330,6 +2330,7 @@ int64_t bdrv_getlength(BlockDriverState *bs)
> > {
> > int64_t ret = bdrv_nb_sectors(bs);
> >
> > + ret = (int64_t)(ret * BDRV_SECTOR_SIZE) < 0 ? -EFBIG : ret;
> > return ret < 0 ? ret : ret * BDRV_SECTOR_SIZE;
> > }
>
> Signed integer overflow is undefined behavior. Your code works just
> fine on any remotely sane machine, *except* when the optimizer decides
> to use its undefined behavior license to mess with you.
>
> A more prudent way to test for overflow would be something like
>
> ret > INT64_MAX / BDRV_SECTOR_SIZE
Yes, this is better, will fix.
Thanks,
Fam