On Mon, Aug 07, 2017 at 06:24:30AM -0500, Eric Blake wrote:
> On 08/06/2017 10:08 PM, Jeff Cody wrote:
> > VHDX uses uint64_t types for most offsets, following the VHDX spec.
> > However, bdrv_truncate() takes an int64_t value for the truncating
> > offset. Check for overflow before calling bdrv_truncate().
> >
> > N.B.: For a compliant image this is not an issue, as the maximum VHDX
> > image size is defined per the spec to be 64TB.
> >
> > Signed-off-by: Jeff Cody <[email protected]>
> > ---
> > block/vhdx-log.c | 4 ++++
> > block/vhdx.c | 3 +++
> > 2 files changed, 7 insertions(+)
> >
> > diff --git a/block/vhdx-log.c b/block/vhdx-log.c
> > index fd4e7af..3b74e5d 100644
> > --- a/block/vhdx-log.c
> > +++ b/block/vhdx-log.c
> > @@ -554,6 +554,10 @@ static int vhdx_log_flush(BlockDriverState *bs,
> > BDRVVHDXState *s,
> > if (new_file_size % (1024*1024)) {
> > /* round up to nearest 1MB boundary */
> > new_file_size = ((new_file_size >> 20) + 1) << 20;
>
> Since you're touching here, can you fix this to use QEMU_ALIGN_UP instead?
>
Good idea, yes.
> > + if (new_file_size > INT64_MAX) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > bdrv_truncate(bs->file, new_file_size, PREALLOC_MODE_OFF,
> > NULL);
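Review bot: the new `new_file_size > INT64_MAX` test runs after the round-up on the context line `new_file_size = ((new_file_size >> 20) + 1) << 20;`, so it does not catch the case where the rounding itself wraps. Assuming new_file_size is a uint64_t, as the commit message describes for VHDX offsets, a value within 1MB of the top of the unsigned range rounds to a small number and passes the check. Suggest comparing the unrounded value against INT64_MAX less the alignment before rounding; the same applies once this line is switched to QEMU_ALIGN_UP. Separately, the return value of bdrv_truncate() is still ignored in this block, so a failed truncate goes unnoticed; consider assigning it to ret and bailing out on error.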
>
> Reviewed-by: Eric Blake <[email protected]>
>
> --
> Eric Blake, Principal Software Engineer
> Red Hat, Inc. +1-919-301-3266
> Virtualization: qemu.org | libvirt.org
>
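The overflow check discussed in this thread, as an added stand-alone example (not code from the patch or from QEMU). The helper name `align_up_to_off` and the sample sizes are assumptions made for illustration; it checks the range before rounding, so the unsigned round-up cannot wrap before the signed conversion.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MIB (UINT64_C(1) << 20)

/* The rounding expression from the hunk's context line, on a uint64_t. */
static uint64_t round_up_1m_unchecked(uint64_t v)
{
    return ((v >> 20) + 1) << 20;
}

/*
 * Hypothetical helper: round size up to a multiple of align (a power of two)
 * and convert it to the signed offset a truncate-style call takes.
 * Returns 0 and stores the offset in *out, or -EINVAL if the rounded value
 * does not fit in int64_t.
 */
static int align_up_to_off(uint64_t size, uint64_t align, int64_t *out)
{
    uint64_t mask = align - 1;

    if (align == 0 || (align & mask) != 0) {
        return -EINVAL;                 /* not a power of two */
    }
    /* Checked before rounding: size + mask must stay <= INT64_MAX, which
     * also rules out unsigned wraparound in the addition below. */
    if (size > (uint64_t)INT64_MAX - mask) {
        return -EINVAL;
    }
    *out = (int64_t)((size + mask) & ~mask);
    return 0;
}

int main(void)
{
    /* Constructed sample sizes, not taken from a real image. */
    const uint64_t samples[] = { 1, MIB, (UINT64_C(64) << 40) + 1,
                                 (uint64_t)INT64_MAX, UINT64_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t off = 0;
        int ret = align_up_to_off(samples[i], MIB, &off);
        printf("size=%llu ret=%d off=%lld unchecked=%llu\n",
               (unsigned long long)samples[i], ret, (long long)off,
               (unsigned long long)round_up_1m_unchecked(samples[i]));
    }
    return 0;
}
```

For `UINT64_MAX` the unchecked expression yields 0, which a comparison against `INT64_MAX` made after rounding would accept.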