On 08/06/2017 10:08 PM, Jeff Cody wrote:
> VHDX uses uint64_t types for most offsets, following the VHDX spec.
> However, bdrv_truncate() takes an int64_t value for the truncating
> offset. Check for overflow before calling bdrv_truncate().
>
> N.B.: For a compliant image this is not an issue, as the maximum VHDX
> image size is defined per the spec to be 64TB.
>
> Signed-off-by: Jeff Cody <jc...@redhat.com>
> ---
> block/vhdx-log.c | 4 ++++
> block/vhdx.c | 3 +++
> 2 files changed, 7 insertions(+)
>
> diff --git a/block/vhdx-log.c b/block/vhdx-log.c
> index fd4e7af..3b74e5d 100644
> --- a/block/vhdx-log.c
> +++ b/block/vhdx-log.c
> @@ -554,6 +554,10 @@ static int vhdx_log_flush(BlockDriverState *bs,
> BDRVVHDXState *s,
> if (new_file_size % (1024*1024)) {
> /* round up to nearest 1MB boundary */
> new_file_size = ((new_file_size >> 20) + 1) << 20;
Since you're touching here, can you fix this to use QEMU_ALIGN_UP instead?
> + if (new_file_size > INT64_MAX) {
> + ret = -EINVAL;
> + goto exit;
> + }
> bdrv_truncate(bs->file, new_file_size, PREALLOC_MODE_OFF,
> NULL);
Reviewed-by: Eric Blake <ebl...@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
