mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hw/block: fix uint32 overflow

Browse Source 
The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow
uint32.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-id: 20240917080356.270576-2-frolov@swemel.ru
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Dmitry Frolov 2024-09-17 11:03:18 +03:00 committed by Stefan Hajnoczi
parent ea9cdbcf3a
commit 89cd6254b8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/block/virtio-blk.c
View File

@ -700,7 +700,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, BlockZoneOp op)
} else {
if (bs->bl.zone_size > capacity - offset) {
/* The zoned device allows the last smaller zone. */
len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1);
len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull);
} else {
len = bs->bl.zone_size;
}