From 35a3b47554f25a20fcb3b26f099dc85f57965940 Mon Sep 17 00:00:00 2001
From: Dylan Reid <dgreid@chromium.org>
Date: Sun, 9 Jun 2019 16:42:59 -0700
Subject: [PATCH] qcow: Calculate the max refcounts as a u64

u32's get multiplied together and can overflow. A usize was being
returned, make everything a u64 to make sure it fits.

Change-Id: I87071d294f4e62247c9ae72244db059a7b528b62
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1651459
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
(cherry picked from crosvm commit 21c941786ea0cb72114f3e9c7c940471664862b5)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 qcow/src/qcow.rs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/qcow/src/qcow.rs b/qcow/src/qcow.rs
index 4a25749b1..178fb70cb 100755
--- a/qcow/src/qcow.rs
+++ b/qcow/src/qcow.rs
@@ -322,11 +322,15 @@ impl QcowHeader {
     }
 }
 
-fn max_refcount_clusters(refcount_order: u32, cluster_size: u32, num_clusters: u32) -> usize {
-    let refcount_bytes = (0x01u32 << refcount_order) / 8;
-    let for_data = div_round_up_u32(num_clusters * refcount_bytes, cluster_size);
-    let for_refcounts = div_round_up_u32(for_data * refcount_bytes, cluster_size);
-    for_data as usize + for_refcounts as usize
+fn max_refcount_clusters(refcount_order: u32, cluster_size: u32, num_clusters: u32) -> u64 {
+    // Use u64 as the product of the u32 inputs can overflow.
+    let refcount_bytes = (0x01 << u64::from(refcount_order)) / 8;
+    let for_data = div_round_up_u64(
+        u64::from(num_clusters) * refcount_bytes,
+        u64::from(cluster_size),
+    );
+    let for_refcounts = div_round_up_u64(for_data * refcount_bytes, u64::from(cluster_size));
+    for_data + for_refcounts
 }
 
 /// Represents a qcow2 file. This is a sparse file format maintained by the qemu project.
@@ -446,7 +450,7 @@ impl QcowFile {
             header.refcount_order,
             cluster_size as u32,
             (num_clusters + l1_clusters + num_l2_clusters + header_clusters) as u32,
-        ) as u64;
+        );
         let refcount_block_entries = cluster_size / refcount_bytes;
         let refcounts = RefCount::new(
             &mut raw_file,