qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref

In order to avoid integer overflows.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Kevin Wolf 2014-03-26 13:05:51 +01:00 committed by Stefan Hajnoczi
parent 2b5d5953ee
commit bb572aefbd
2 changed files with 9 additions and 8 deletions

View File

@ -28,7 +28,7 @@
#include "qemu/range.h" #include "qemu/range.h"
#include "qapi/qmp/types.h" #include "qapi/qmp/types.h"
static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size); static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size);
static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs,
int64_t offset, int64_t length, int64_t offset, int64_t length,
int addend, enum qcow2_discard_type type); int addend, enum qcow2_discard_type type);
@ -635,15 +635,16 @@ int qcow2_update_cluster_refcount(BlockDriverState *bs,
/* return < 0 if error */ /* return < 0 if error */
static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size) static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size)
{ {
BDRVQcowState *s = bs->opaque; BDRVQcowState *s = bs->opaque;
int i, nb_clusters, refcount; uint64_t i, nb_clusters;
int refcount;
nb_clusters = size_to_clusters(s, size); nb_clusters = size_to_clusters(s, size);
retry: retry:
for(i = 0; i < nb_clusters; i++) { for(i = 0; i < nb_clusters; i++) {
int64_t next_cluster_index = s->free_cluster_index++; uint64_t next_cluster_index = s->free_cluster_index++;
refcount = get_refcount(bs, next_cluster_index); refcount = get_refcount(bs, next_cluster_index);
if (refcount < 0) { if (refcount < 0) {
@ -660,7 +661,7 @@ retry:
return (s->free_cluster_index - nb_clusters) << s->cluster_bits; return (s->free_cluster_index - nb_clusters) << s->cluster_bits;
} }
int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size) int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size)
{ {
int64_t offset; int64_t offset;
int ret; int ret;

View File

@ -222,8 +222,8 @@ typedef struct BDRVQcowState {
uint64_t *refcount_table; uint64_t *refcount_table;
uint64_t refcount_table_offset; uint64_t refcount_table_offset;
uint32_t refcount_table_size; uint32_t refcount_table_size;
int64_t free_cluster_index; uint64_t free_cluster_index;
int64_t free_byte_offset; uint64_t free_byte_offset;
CoMutex lock; CoMutex lock;
@ -467,7 +467,7 @@ void qcow2_refcount_close(BlockDriverState *bs);
int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index, int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index,
int addend, enum qcow2_discard_type type); int addend, enum qcow2_discard_type type);
int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size); int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size);
int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
int nb_clusters); int nb_clusters);
int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size); int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size);