storage: avoid mishandling backing store > 2GB

Detected by Coverity. The code was doing math on shifted unsigned char (which promotes to int), then promoting that to unsigned long during assignment to size. On 64-bit platforms, this risks sign extending values of size > 2GiB. Bug present since commit 489fd3 (v0.6.0). I'm not sure if a specially-crafted bogus qcow2 image could exploit this, although it's probably not possible, since we were already checking for the computed results being within range of our fixed-size buffer. * src/util/storage_file.c (qcowXGetBackingStore): Avoid sign extension.
2025-03-07 17:28:15 +00:00 · 2011-06-02 17:52:16 -06:00 · 2011-06-02 17:52:16 -06:00 · 54456cc0fd
commit 54456cc0fd
parent 28ea3bf31c
1 changed files with 1 additions and 1 deletions
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@ -274,7 +274,7 @@ qcowXGetBackingStore(char **res,
                     bool isQCow2)
 {
    unsigned long long offset;
-    unsigned long size;
+    unsigned int size;

    *res = NULL;
    if (format)