diff options
author | Max Reitz <mreitz@redhat.com> | 2014-12-02 18:32:50 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2014-12-10 10:31:20 +0100 |
commit | 11c89769dc3e638ef72915d97058411ddf79b64b (patch) | |
tree | bf8c2026f009e60365e21ef398f04072c5630ec0 /block | |
parent | 2247798d13e5295a097da0a42f9d0d70d88690a4 (diff) | |
download | qemu-11c89769dc3e638ef72915d97058411ddf79b64b.tar.gz qemu-11c89769dc3e638ef72915d97058411ddf79b64b.tar.bz2 qemu-11c89769dc3e638ef72915d97058411ddf79b64b.zip |
qcow2: Prevent numerical overflow
In qcow2_alloc_cluster_offset(), *num is limited to
INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is
of type uint64_t, we might as well cast *num to that type before
performing the shift.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/qcow2-cluster.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index df0b2c9cec..1fea5142d0 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -1263,7 +1263,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset, again: start = offset; - remaining = *num << BDRV_SECTOR_BITS; + remaining = (uint64_t)*num << BDRV_SECTOR_BITS; cluster_offset = 0; *host_offset = 0; cur_bytes = 0; |