summaryrefslogtreecommitdiff
path: root/hw/ide/macio.c
diff options
context:
space:
mode:
authorMark Cave-Ayland <mark.cave-ayland@ilande.co.uk>2016-01-11 14:10:42 -0500
committerJohn Snow <jsnow@redhat.com>2016-01-11 14:10:42 -0500
commit97225170f6ee6d0ad8653916c7a5e4508cbffc18 (patch)
treedf7207c3f5e20598f4a972957d61ff2a04ee53b9 /hw/ide/macio.c
parent7b8a354d4716ab2c201fad04c22b8d4a16a1b8c6 (diff)
downloadqemu-97225170f6ee6d0ad8653916c7a5e4508cbffc18.tar.gz
qemu-97225170f6ee6d0ad8653916c7a5e4508cbffc18.tar.bz2
qemu-97225170f6ee6d0ad8653916c7a5e4508cbffc18.zip
macio: fix overflow in lba to offset conversion for ATAPI devices
As the IDEState lba field is an int32_t, make sure we cast to int64_t before shifting to calculate the offset. Otherwise we end up with an overflow when trying to access sectors beyond 2GB as can occur when using DVD images. [Maintainer edit: fixed extraneous parentheses. --js] Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 1451928613-29476-1-git-send-email-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
Diffstat (limited to 'hw/ide/macio.c')
-rw-r--r--hw/ide/macio.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 97712619cd..d4031b65e4 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -280,7 +280,7 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
}
/* Calculate current offset */
- offset = (int64_t)(s->lba << 11) + s->io_buffer_index;
+ offset = ((int64_t)s->lba << 11) + s->io_buffer_index;
pmac_dma_read(s->blk, offset, io->len, pmac_ide_atapi_transfer_cb, io);
return;