[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] hw/block: fix uint32 overflow
From: |
Dmitry Frolov |
Subject: |
[PATCH] hw/block: fix uint32 overflow |
Date: |
Tue, 17 Sep 2024 11:03:18 +0300 |
The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow
uint32.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
---
hw/block/virtio-blk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 73bdfd6122..115795392c 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -700,7 +700,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req,
BlockZoneOp op)
} else {
if (bs->bl.zone_size > capacity - offset) {
/* The zoned device allows the last smaller zone. */
- len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1);
+ len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull);
} else {
len = bs->bl.zone_size;
}
--
2.43.0
- [PATCH] hw/block: fix uint32 overflow,
Dmitry Frolov <=