mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
storage: avoid mishandling backing store > 2GB
Detected by Coverity. The code was doing math on shifted unsigned char (which promotes to int), then promoting that to unsigned long during assignment to size. On 64-bit platforms, this risks sign extending values of size > 2GiB. Bug present since commit 489fd3 (v0.6.0).

I'm not sure if a specially-crafted bogus qcow2 image could exploit this, although it's probably not possible, since we were already checking for the computed results being within range of our fixed-size buffer.

* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign extension.
parent 28ea3bf31c
commit 54456cc0fd
@ -274,7 +274,7 @@ qcowXGetBackingStore(char **res,
bool isQCow2)
{
unsigned long long offset;
unsigned long size;
unsigned int size;
*res = NULL;
if (format)
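Review bot: At the `unsigned int size;` declaration, the fix depends entirely on the declared width of `size`, and nothing at the declaration says so. A later cleanup that widens it back to `unsigned long` or to `size_t` would silently reintroduce the sign extension the commit message describes. Consider a one-line comment on the declaration, or better, cast each byte to `unsigned int` before shifting where `size` is computed, so the arithmetic never passes through a signed `int` in the first place. That also avoids relying on the result of shifting a byte with its high bit set into the sign bit of an `int`. The neighbouring `unsigned long long offset;` is worth the same check: if it is assembled from shifted `unsigned char` values the same way, any term that is not explicitly cast to a 64-bit unsigned type before the shift has the same promotion problem.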