Re: [PATCH for-5.2] block/export/vhost-user-blk-server.c: Avoid potentia
From: Stefan Hajnoczi
Subject: Re: [PATCH for-5.2] block/export/vhost-user-blk-server.c: Avoid potential integer overflow
Date: Tue, 10 Nov 2020 12:36:02 +0000

On Mon, Nov 09, 2020 at 04:16:45PM +0100, Max Reitz wrote:
> [Cc-ing Stefan]
>
> On 09.11.20 16:05, Peter Maydell wrote:
> > In vu_blk_discard_write_zeroes(), we read a 32-bit sector count from
> > the descriptor and convert it to a 64-bit byte count. Coverity warns
> > that the left shift is done with 32-bit arithmetic so it might
> > overflow before the conversion to 64-bit happens. Add a cast to
> > avoid this.
>
> This will silence Coverity, but both functions to which range[1] is then
> passed (blk_co_pdiscard() and blk_co_pwrite_zeroes()) only accept ints
> there, so this would only move the overflow to the function call.
>
> Shouldn’t we verify that the number of sectors is in range and return an
> error if it isn’t? (The same probably goes for the starting sector, then,
> too.)

Yes, the input validation from hw/block/virtio-blk.c is missing.
I'll send a patch to add that.

Stefan
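
The two failure modes raised in this thread, as an added example that is not the patch under review, the follow-up fix, or the checks in hw/block/virtio-blk.c: a 32-bit shift that wraps before widening, and a correctly widened byte count that still does not fit the `int` parameter of the callee. The helper `range_to_bytes`, the `SECTOR_BITS` constant, the 512-byte sector size and the sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_BITS 9 /* assumption: 512-byte sectors */

/* Flagged pattern: the shift is done in 32 bits and wraps before widening. */
static uint64_t bytes_unwidened(uint32_t num_sectors)
{
    return num_sectors << SECTOR_BITS;
}

/* With the cast the 64-bit value is right, but it may still exceed INT_MAX. */
static uint64_t bytes_widened(uint32_t num_sectors)
{
    return (uint64_t)num_sectors << SECTOR_BITS;
}

/* Hypothetical helper: reject a request before any int-typed callee sees it. */
static bool range_to_bytes(uint64_t sector, uint32_t num_sectors,
                           uint64_t capacity_sectors,
                           int64_t *offset, int *bytes)
{
    if (num_sectors > (uint32_t)(INT_MAX >> SECTOR_BITS)) {
        return false; /* byte count would not fit in an int */
    }
    if (capacity_sectors > (uint64_t)(INT64_MAX >> SECTOR_BITS) ||
        sector > capacity_sectors ||
        num_sectors > capacity_sectors - sector) {
        return false; /* range leaves the device or offset would overflow */
    }
    *offset = (int64_t)(sector << SECTOR_BITS);
    *bytes = (int)(num_sectors << SECTOR_BITS);
    return true;
}

int main(void)
{
    uint32_t n = 0x00800000u; /* constructed sector count: 2^23 */
    int64_t off;
    int len;

    printf("unwidened: %llu\n", (unsigned long long)bytes_unwidened(n));
    printf("widened:   %llu\n", (unsigned long long)bytes_widened(n));
    printf("validated: %s\n",
           range_to_bytes(0, n, UINT64_C(1) << 40, &off, &len) ? "ok" : "rejected");
    return 0;
}
```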