When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size.
Signed-off-by: Kevin Wolf <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> --- block/crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/block/crypto.c b/block/crypto.c index 16c371ec9c..9dac08c6c5 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, { struct BlockCryptoCreateData *data = opaque; + if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { + error_setg(errp, "The requested file size is too large"); + return -EFBIG; + } + /* User provided size should reflect amount of space made * available to the guest, so we must take account of that * which will be used by the crypto header -- 2.13.6
