On Wed, Mar 02, 2016 at 04:27:31PM +0100, Max Reitz wrote: > On 02.03.2016 16:16, Jeff Cody wrote: > > The function qemu_strtoul() reads 'unsigned long' sized data, > > which is larger than uint32_t on 64-bit machines. > > > > Even though the snap_id field in the header is 32-bits, we must > > accomodate the full size in qemu_strtoul(). > > > > Reported-by: Paolo Bonzini <[email protected]> > > Signed-off-by: Jeff Cody <[email protected]> > > --- > > block/sheepdog.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/block/sheepdog.c b/block/sheepdog.c > > index 8739acc..c6bf900 100644 > > --- a/block/sheepdog.c > > +++ b/block/sheepdog.c > > @@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *bs, > > const char *name, > > Error **errp) > > { > > - uint32_t snap_id = 0; > > + unsigned long snap_id = 0; > > char snap_tag[SD_MAX_VDI_TAG_LEN]; > > Error *local_err = NULL; > > int fd, ret; > > @@ -2565,12 +2565,12 @@ static int sd_snapshot_delete(BlockDriverState *bs, > > memset(buf, 0, sizeof(buf)); > > memset(snap_tag, 0, sizeof(snap_tag)); > > pstrcpy(buf, SD_MAX_VDI_LEN, s->name); > > - if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) { > > + if (qemu_strtoul(snapshot_id, NULL, 10, &snap_id)) { > > return -1; > > } > > > > if (snap_id) { > > - hdr.snapid = snap_id; > > + hdr.snapid = (uint32_t) snap_id; > > Maybe we should do an overflow check before? >
Probably not a bad idea - easy enough, and that would prevent a false positive match due to id truncation. I'll spin a v2. Jeff
