
[qemu-xen master] qcow2-cluster: Fix integer left shift error in qcow2_alloc_cluster_link_l2()



commit 348fcc4f7ace1718006e646078d88c8cd8c1d97e
Author:     Tuguoyi <tu.guoyi@xxxxxxx>
AuthorDate: Wed Aug 5 09:22:58 2020 +0000
Commit:     Peter Maydell <peter.maydell@xxxxxxxxxx>
CommitDate: Wed Aug 5 14:56:11 2020 +0100

    qcow2-cluster: Fix integer left shift error in qcow2_alloc_cluster_link_l2()
    
    When calculating the offset, the result of the left shift operation will be
    promoted to type int64 automatically because the left operand of the + operator
    is uint64_t, but the result after integer promotion may produce an erroneous
    value for us and trigger the following assertion error.
    
    For example, consider i=0x2000, cluster_bits=18; the result of the left shift
    operation will be 0x80000000. Because argument i is of signed integer type,
    the result is automatically promoted to 0xffffffff80000000, which is not
    what we expected.
    
    The way to trigger the assertion error:
      qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G
    
    This patch fixes it by casting @i to uint64_t before doing the left shift
    operation.
    
    Signed-off-by: Guoyi Tu <tu.guoyi@xxxxxxx>
    Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
    Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
    Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
    Message-id: 81ba90fe0c014f269621c283269b42ad@xxxxxxx
    Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
---
 block/qcow2-cluster.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index a677ba9f5c..550850b264 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -980,7 +980,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, 
QCowL2Meta *m)
 
     assert(l2_index + m->nb_clusters <= s->l2_slice_size);
     for (i = 0; i < m->nb_clusters; i++) {
-        uint64_t offset = cluster_offset + (i << s->cluster_bits);
+        uint64_t offset = cluster_offset + ((uint64_t)i << s->cluster_bits);
         /* if two concurrent writes happen to the same unallocated cluster
          * each write allocates separate cluster and writes data concurrently.
          * The first one to complete updates l2 table with pointer to its
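Review bot: the cast on the `+` line is the right fix, and it also removes undefined behaviour rather than just a wrong value: for a signed `int` i, `i << s->cluster_bits` producing a result above INT_MAX is UB in C, so the sign-extended 0xffffffff80000000 quoted in the commit message is only what current compilers happen to emit. Declaring `i` as `uint64_t` (or `unsigned`) where it is defined, instead of casting at the use site, would state the intent once and protect any other shift or multiplication on `i` in this function; the hunk does not show the declaration, so that needs a look at the surrounding code.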
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master
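The following is an added illustration of the promotion problem described in the commit message; it is not code from the qemu-xen tree. It models, in well-defined C, what the unfixed expression does in practice (32-bit signed shift result sign-extended to 64 bits), places the patched expression next to it, and adds a small check that tells you whether a given (i, cluster_bits) pair could ever have been safe with a plain `int` shift. The function names, the base offset 0x40000 and the input values are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

/* Model of the unfixed line `cluster_offset + (i << s->cluster_bits)`.
 * The shift is done in 32-bit `int`, then converted to 64 bits by sign
 * extension, so a result with bit 31 set becomes a huge negative offset.
 * The real expression is undefined behaviour when it overflows; this
 * version reproduces the observed result using only defined operations.
 * Assumes cluster_bits < 32 (true for any valid qcow2 cluster size). */
uint64_t cluster_offset_promoted(uint64_t cluster_offset, int i, unsigned cluster_bits)
{
    uint32_t low = (uint32_t)i << cluster_bits;         /* low 32 bits of i << bits */
    uint64_t promoted = (low & 0x80000000u)
        ? (0xffffffff00000000ull | low)                 /* sign-extended, as int -> int64_t */
        : low;
    return cluster_offset + promoted;                   /* wraps modulo 2^64 */
}

/* The patched expression: widen i to 64 bits before shifting. */
uint64_t cluster_offset_fixed(uint64_t cluster_offset, int i, unsigned cluster_bits)
{
    return cluster_offset + ((uint64_t)i << cluster_bits);
}

/* Returns true only if `i << cluster_bits` is representable as int,
 * i.e. the unfixed expression would have been safe for these inputs. */
bool shift_fits_int(int i, unsigned cluster_bits)
{
    if (i < 0 || cluster_bits >= (unsigned)(sizeof(int) * CHAR_BIT - 1)) {
        return false;
    }
    return i <= (INT_MAX >> cluster_bits);
}

int main(void)
{
    /* Constructed inputs matching the commit message: cluster index 0x2000
     * with 256k clusters (cluster_bits = 18), base offset 0x40000. */
    uint64_t base = 0x40000;
    int i = 0x2000;
    unsigned bits = 18;

    printf("promoted : 0x%llx\n", (unsigned long long)cluster_offset_promoted(base, i, bits));
    printf("fixed    : 0x%llx\n", (unsigned long long)cluster_offset_fixed(base, i, bits));
    printf("fits int : %s\n", shift_fits_int(i, bits) ? "yes" : "no");
    return 0;
}
```

The last index that stays safe with an `int` shift at cluster_bits=18 is 0x1fff; from 0x2000 on, only the widened form gives the expected offset, which is why `preallocation=full` on a 10G image with 256k clusters reaches the bad case while smaller images never do.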