esx: cast dynamicProperty->val->int32 to unsigned long to avoid overflow

[PATCH] esx: cast dynamicProperty->val->int32 to unsigned long to avoid overflow

gerben@altlinux.org posted 1 patch 1 month, 2 weeks ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20251024121448.312634-1-gerben@altlinux.org

src/esx/esx_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH] esx: cast dynamicProperty->val->int32 to unsigned long to avoid overflow

Posted by gerben@altlinux.org 1 month, 2 weeks ago

From: Denis Rastyogin <gerben@altlinux.org>

dynamicProperty->val->int32 is now explicitly cast to unsigned long
before multiplying by 1024. This prevents potential overflow from
32-bit arithmetic when handling large VM memory values and
ensures correct scaling from megabytes to kilobytes.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reported-by: Dmitriy Fedin <d.fedin@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
---
 src/esx/esx_driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 554fb3e18f..41ca2a9bc1 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -2052,7 +2052,7 @@ esxDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info)
                 goto cleanup;
             }
 
-            info->maxMem = dynamicProperty->val->int32 * 1024; /* Scale from megabyte to kilobyte */
+            info->maxMem = (unsigned long) dynamicProperty->val->int32 * 1024; /* Scale from megabyte to kilobyte */
         } else if (STREQ(dynamicProperty->name, "config.hardware.numCPU")) {
             if (esxVI_AnyType_ExpectType(dynamicProperty->val,
                                          esxVI_Type_Int) < 0) {
-- 
2.42.2