mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

migration: fix-possible-int-overflow

Browse Source 
stat64_add() takes uint64_t as 2nd argument, but both
"p->next_packet_size" and "p->packet_len" are uint32_t.
Thus, theyr sum may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Link: https://lore.kernel.org/r/20241113140509.325732-2-frolov@swemel.ru
Signed-off-by: Peter Xu <peterx@redhat.com>
This commit is contained in:
Dmitry Frolov 2024-11-13 17:05:01 +03:00 committed by Peter Xu
parent 4daff81efb
commit 0926c002c7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
migration/multifd.c
View File

@ -623,7 +623,7 @@ static void *multifd_send_thread(void *opaque)
} }
stat64_add(&mig_stats.multifd_bytes, stat64_add(&mig_stats.multifd_bytes,
p->next_packet_size + p->packet_len); (uint64_t)p->next_packet_size + p->packet_len);
p->next_packet_size = 0; p->next_packet_size = 0;
multifd_set_payload_type(p->data, MULTIFD_PAYLOAD_NONE); multifd_set_payload_type(p->data, MULTIFD_PAYLOAD_NONE);