[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] qcow2: Avoid integer wraparound in qcow2_co_truncate()
|
From: |
Alberto Garcia |
|
Subject: |
[PATCH] qcow2: Avoid integer wraparound in qcow2_co_truncate() |
|
Date: |
Fri, 1 May 2020 15:15:25 +0200 |
After commit f01643fb8b47e8a70c04bbf45e0f12a9e5bc54de when an image is
extended and BDRV_REQ_ZERO_WRITE is set then the new clusters are
zeroized.
The code however does not detect correctly situations when the old and
the new end of the image are within the same cluster. The problem can
be reproduced with these steps:
qemu-img create -f qcow2 backing.qcow2 1M
qemu-img create -f qcow2 -b backing.qcow2 top.qcow2
qemu-img resize --shrink top.qcow2 520k
qemu-img resize top.qcow2 567k
In the last step offset - zero_start causes an integer wraparound.
Signed-off-by: Alberto Garcia <address@hidden>
---
block/qcow2.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/qcow2.c b/block/qcow2.c
index 2ba0b17c39..6d34d28c60 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4234,6 +4234,9 @@ static int coroutine_fn
qcow2_co_truncate(BlockDriverState *bs, int64_t offset,
if ((flags & BDRV_REQ_ZERO_WRITE) && offset > old_length) {
uint64_t zero_start = QEMU_ALIGN_UP(old_length, s->cluster_size);
+ /* zero_start should not be after the new end of the image */
+ zero_start = MIN(zero_start, offset);
+
/*
* Use zero clusters as much as we can. qcow2_cluster_zeroize()
* requires a cluster-aligned start. The end may be unaligned if it is
--
2.20.1
- [PATCH] qcow2: Avoid integer wraparound in qcow2_co_truncate(),
Alberto Garcia <=