[PATCH] hw/block: fix uint32 overflow

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] hw/block: fix uint32 overflow

From:	Dmitry Frolov
Subject:	[PATCH] hw/block: fix uint32 overflow
Date:	Tue, 17 Sep 2024 11:03:18 +0300

The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow
uint32.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
---
 hw/block/virtio-blk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 73bdfd6122..115795392c 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -700,7 +700,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, 
BlockZoneOp op)
     } else {
         if (bs->bl.zone_size > capacity - offset) {
             /* The zoned device allows the last smaller zone. */
-            len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1);
+            len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull);
         } else {
             len = bs->bl.zone_size;
         }
-- 
2.43.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] hw/block: fix uint32 overflow, Dmitry Frolov <=
- Re: [PATCH] hw/block: fix uint32 overflow, Stefan Hajnoczi, 2024/09/17

Prev by Date: Re: [PATCH 0/1] hw/nvme: add atomic write support
Next by Date: [PATCH] hw/cxl: fix uint32 overflow cxl-mailbox-utils.c
Previous by thread: Re: [PATCH 0/1] hw/nvme: add atomic write support
Next by thread: Re: [PATCH] hw/block: fix uint32 overflow
Index(es):
- Date
- Thread