From: gerben@altlinux.org
To: devel@lists.libvirt.org
Subject: [PATCH] esx: cast dynamicProperty->val->int32 to unsigned long to avoid overflow
Date: Fri, 24 Oct 2025 15:14:12 +0300
Message-ID: <20251024121448.312634-1-gerben@altlinux.org>

From: Denis Rastyogin

dynamicProperty->val->int32 is now explicitly cast to unsigned long
before multiplying by 1024. This prevents potential overflow from
32-bit arithmetic when handling large VM memory values and ensures
correct scaling from megabytes to kilobytes.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reported-by: Dmitriy Fedin
Signed-off-by: Denis Rastyogin
---
 src/esx/esx_driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 554fb3e18f..41ca2a9bc1 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -2052,7 +2052,7 @@ esxDomainGetInfo(virDomainPtr domain, virDomainInfoPt= r info) goto cleanup; } =20 - info->maxMem =3D dynamicProperty->val->int32 * 1024; /* Scale = from megabyte to kilobyte */ + info->maxMem =3D (unsigned long) dynamicProperty->val->int32 *= 1024; /* Scale from megabyte to kilobyte */ } else if (STREQ(dynamicProperty->name, "config.hardware.numCPU"))= { if (esxVI_AnyType_ExpectType(dynamicProperty->val, esxVI_Type_Int) < 0) { --=20 2.42.2
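Review bot: On the `+` line in esxDomainGetInfo, the cast to `unsigned long` only widens the operand on targets where `unsigned long` is 64 bits. Where it is 32 bits (ILP32 builds, LLP64 Windows builds) the multiplication by 1024 still wraps, now silently as unsigned arithmetic, so the commit message's claim that overflow is prevented holds only for LP64. The cast also turns a negative `int32` into a very large `maxMem`, and nothing in the visible context rejects a negative value before the scaling. Consider validating first (for example, fail when `dynamicProperty->val->int32 < 0` or when the value exceeds `ULONG_MAX / 1024`) and then doing the multiplication, and say in the commit message which of these cases the change is meant to cover.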