qemu-devel

Re: [Qemu-devel] [PATCH 2/2] block/vhdx: check for offset overflow to bd


From: Jeff Cody
Subject: Re: [Qemu-devel] [PATCH 2/2] block/vhdx: check for offset overflow to bdrv_truncate()
Date: Mon, 7 Aug 2017 08:13:33 -0400
User-agent: Mutt/1.5.24 (2015-08-30)

On Mon, Aug 07, 2017 at 06:24:30AM -0500, Eric Blake wrote:
> On 08/06/2017 10:08 PM, Jeff Cody wrote:
> > VHDX uses uint64_t types for most offsets, following the VHDX spec.
> > However, bdrv_truncate() takes an int64_t value for the truncating
> > offset.  Check for overflow before calling bdrv_truncate().
> > 
> > N.B.: For a compliant image this is not an issue, as the maximum VHDX
> > image size is defined per the spec to be 64TB.
> > 
> > Signed-off-by: Jeff Cody <address@hidden>
> > ---
> >  block/vhdx-log.c | 4 ++++
> >  block/vhdx.c     | 3 +++
> >  2 files changed, 7 insertions(+)
> > 
> > diff --git a/block/vhdx-log.c b/block/vhdx-log.c
> > index fd4e7af..3b74e5d 100644
> > --- a/block/vhdx-log.c
> > +++ b/block/vhdx-log.c
> > @@ -554,6 +554,10 @@ static int vhdx_log_flush(BlockDriverState *bs, 
> > BDRVVHDXState *s,
> >              if (new_file_size % (1024*1024)) {
> >                  /* round up to nearest 1MB boundary */
> >                  new_file_size = ((new_file_size >> 20) + 1) << 20;
> 
> Since you're touching here, can you fix this to use QEMU_ALIGN_UP instead?
> 

Good idea, yes.

> > +                if (new_file_size > INT64_MAX) {
> > +                    ret = -EINVAL;
> > +                    goto exit;
> > +                }
> >                  bdrv_truncate(bs->file, new_file_size, PREALLOC_MODE_OFF, 
> > NULL);
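
Review bot: The added `new_file_size > INT64_MAX` test runs after the round-up `((new_file_size >> 20) + 1) << 20`, so it does not catch a wrap in the round-up itself. If new_file_size is a uint64_t, as the commit message's description of VHDX offsets suggests, a value within 1MB of UINT64_MAX rounds up to 2^64, wraps to 0, passes this check and is handed to bdrv_truncate(). Consider testing the unrounded value before the round-up, or rejecting a rounded result that is smaller than the original. Separately, the bdrv_truncate() call in the trailing context line still discards its return value; propagating it into ret while touching this path would keep a failed truncate from going unnoticed.
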
> 
> Reviewed-by: Eric Blake <address@hidden>
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 
