Commit 8f4754ed intended to protect against integer overflow bugs in
block drivers by making sure that a single request that is passed to
drivers is no longer than INT_MAX bytes.
However, meanwhile there are some callers that don't use that code path
any more but call bdrv_check_byte_request() directy, so let's add a
check there as well.
Signed-off-by: Kevin Wolf <kw...@redhat.com>
Reviewed-by: Max Reitz <mre...@redhat.com>
---
block.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block.c b/block.c
index 3b7951e..5a0b421 100644
--- a/block.c
+++ b/block.c
@@ -2581,6 +2581,10 @@ static int bdrv_check_byte_request(BlockDriverState *bs,
int64_t offset,
{
int64_t len;
+ if (size > INT_MAX) {
+ return -EIO;
+ }
+
if (!bdrv_is_inserted(bs))
return -ENOMEDIUM;
--
1.8.3.1
