qemu-block

Re: [PATCH v3] qcow2: Avoid integer wraparound in qcow2_co_truncate()


From: Kevin Wolf
Subject: Re: [PATCH v3] qcow2: Avoid integer wraparound in qcow2_co_truncate()
Date: Tue, 5 May 2020 11:19:32 +0200

On 05.05.2020 at 11:16, Alberto Garcia wrote:
> On Tue 05 May 2020 10:54:12 AM CEST, Kevin Wolf wrote:
> > But I think there is a more important problem with the test: It seems
> > to pass even with old binaries that don't have the fix. Is this only
> > on my system or do you get the same?
> 
> With old binaries when qcow2_cluster_zeroize() is called it receives
> bytes = (UINT64_MAX - 9216), however that number is then used to
> calculate the number of affected clusters, so it's rounded up, wraps
> around again and back to zero. There's no visible sign of the error, it
> just happens to work fine.
> 
> If there was a raw data file then we would try to write UINT64_MAX-9216
> bytes to it, but in this case there's no backing file allowed and
> therefore the image is not zeroed, so qcow2_cluster_zeroize() never
> happens.
> 
> Why the test case then? There was a mistake with my first patch and
> there it crashed (due to an assertion), that's why Eric thought it would
> be a good idea to add a test case anyway, in case we have to change that
> code in the future and we screw up.

Thanks for the explanation, this makes sense. I'll apply the patch now.

Kevin
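
The masking effect described in the quoted explanation, as an added example that is not part of the original thread and is not QEMU code: rounding a byte count of UINT64_MAX - 9216 up to whole clusters wraps a second time and yields zero clusters, while a checked helper rejects it. The 64 KiB cluster size and the function names are assumptions made for this illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this illustration: 64 KiB clusters. */
#define CLUSTER_BITS 16
#define CLUSTER_SIZE (UINT64_C(1) << CLUSTER_BITS)

/* Hypothetical helper: unchecked round-up to whole clusters.
 * The addition is done modulo 2^64, so a byte count close to
 * UINT64_MAX wraps and the result comes out far too small. */
static uint64_t clusters_unchecked(uint64_t bytes)
{
    return (bytes + (CLUSTER_SIZE - 1)) >> CLUSTER_BITS;
}

/* Hypothetical helper: same round-up, but it refuses any byte
 * count for which the addition would wrap. *out is written only
 * on success. */
static bool clusters_checked(uint64_t bytes, uint64_t *out)
{
    if (bytes > UINT64_MAX - (CLUSTER_SIZE - 1)) {
        return false;
    }
    *out = (bytes + (CLUSTER_SIZE - 1)) >> CLUSTER_BITS;
    return true;
}

int main(void)
{
    /* The value from the thread: a length that already wrapped once. */
    uint64_t bytes = UINT64_MAX - 9216;
    uint64_t n = 0;

    printf("bytes             = %" PRIu64 "\n", bytes);
    printf("unchecked round-up = %" PRIu64 " clusters\n",
           clusters_unchecked(bytes));

    if (!clusters_checked(bytes, &n)) {
        printf("checked round-up rejects the length\n");
    }
    if (clusters_checked(9216, &n)) {
        printf("9216 bytes        = %" PRIu64 " cluster(s)\n", n);
    }
    return 0;
}
```

A regression test that only observes the outcome of the unchecked path sees a no-op rather than a failure, which is why the old binaries pass.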



