[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] qcow2: Avoid integer wraparound in qcow2_co_truncate()
|
From: |
Alberto Garcia |
|
Subject: |
Re: [PATCH v3] qcow2: Avoid integer wraparound in qcow2_co_truncate() |
|
Date: |
Tue, 05 May 2020 11:16:40 +0200 |
|
User-agent: |
Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (i586-pc-linux-gnu) |
On Tue 05 May 2020 10:54:12 AM CEST, Kevin Wolf wrote:
> But I think there is a more important problem with the test: It seems
> to pass even with old binaries that don't have the fix. Is this only
> on my system or do you get the same?
With old binaries when qcow2_cluster_zeroize() is called it receives
bytes = (UINT64_MAX - 9216), however that number is then used to
calculate the number of affected clusters, so it's rounded up, wraps
around again and back to zero. There's no visible sign of the error, it
just happens to work fine.
If there was a raw data file then we would try to write UINT64_MAX-9216
bytes to it, but in this case there's no backing file allowed and
therefore the image is not zeroed, so qcow2_cluster_zeroize() never
happens.
Why the test case then? There was a mistake with my first patch and
there it crashed (due to an assertion), that's why Eric thought it would
be a good idea to add a test case anyway, in case we have to change that
code in the future and we screw up.
Berto
Re: [PATCH v3] qcow2: Avoid integer wraparound in qcow2_co_truncate(), no-reply, 2020/05/05