[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] migration: fix potential overflow in multifd send
From: |
Peter Xu |
Subject: |
[Qemu-devel] [PATCH] migration: fix potential overflow in multifd send |
Date: |
Fri, 20 Jul 2018 11:47:13 +0800 |
I would guess it won't happen normally, but this should ease Coverity.
>>> CID 1394385: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "pages->used * 8192U" with type
>>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
>>> and then used in a context that expects an expression of type "uint64_t"
>>> (64 bits, unsigned).
854 transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
Fixes: CID 1394385
CC: Juan Quintela <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
---
migration/ram.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/ram.c b/migration/ram.c
index 52dd678092..fdd108475c 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -851,7 +851,7 @@ static void multifd_send_pages(void)
p->pages->block = NULL;
multifd_send_state->pages = p->pages;
p->pages = pages;
- transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len;
+ transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len;
ram_counters.multifd_bytes += transferred;
ram_counters.transferred += transferred;;
qemu_mutex_unlock(&p->mutex);
--
2.17.1
- [Qemu-devel] [PATCH] migration: fix potential overflow in multifd send,
Peter Xu <=