From: Markus Armbruster
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, famz@redhat.com, qemu-block@nongnu.org, quintela@redhat.com, jcody@redhat.com, dgilbert@redhat.com, mreitz@redhat.com, marcandre.lureau@redhat.com, pbonzini@redhat.com, jsnow@redhat.com
Date: Mon, 7 Aug 2017 16:45:26 +0200
Subject: [Qemu-devel] [RFC PATCH 22/56] block: Mix up signed and unsigned less in bdrv_img_create()
Message-Id: <1502117160-24655-23-git-send-email-armbru@redhat.com>
In-Reply-To: <1502117160-24655-1-git-send-email-armbru@redhat.com>

@size is declared int64_t. It's set in two places. The second one
assigns the (signed) value of bdrv_getlength(), then errors out if
it's negative. The first one assigns qemu_opt_get_size(opts,
BLOCK_OPT_SIZE, 0), i.e. a uint64_t value. What if it exceeds
INT64_MAX? Is that even possible? Turns out it is:

    $ qemu-img create -o size=9223372036854775808 foo.img

On closer examination, the code still works as long as converting from
uint64_t to int64_t and back doesn't change the value.
Implementation-defined behavior, but sane implementations behave.

Things actually break elsewhere for such sizes, e.g. file-posix.c's
raw_create().

Clean this up.

Signed-off-by: Markus Armbruster --- block.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/block.c b/block.c index ce9cce7..04cce0d 100644 --- a/block.c +++ b/block.c @@ -4309,7 +4309,8 @@ void bdrv_img_create(const char *filename, const char= *fmt, QemuOptsList *create_opts =3D NULL; QemuOpts *opts =3D NULL; const char *backing_fmt, *backing_file; - int64_t size; + uint64_t size; + int64_t backing_size; BlockDriver *drv, *proto_drv; Error *local_err =3D NULL; int ret =3D 0; @@ -4414,7 +4415,7 @@ void bdrv_img_create(const char *filename, const char= *fmt, bs =3D bdrv_open(full_backing, NULL, backing_options, back_flags, &local_err); g_free(full_backing); - if (!bs && size !=3D -1) { + if (!bs && size !=3D UINT64_MAX) { /* Couldn't open BS, but we have a size, so it's nonfatal */ warn_reportf_err(local_err, "Could not verify backing image. " @@ -4426,22 +4427,24 @@ void bdrv_img_create(const char *filename, const ch= ar *fmt, "Could not open backing image to determine s= ize.\n"); goto out; } else { - if (size =3D=3D -1) { + if (size =3D=3D UINT64_MAX) { /* Opened BS, have no size */ - size =3D bdrv_getlength(bs); - if (size < 0) { - error_setg_errno(errp, -size, "Could not get size of '= %s'", + backing_size =3D bdrv_getlength(bs); + if (backing_size < 0) { + error_setg_errno(errp, -backing_size, + "Could not get size of '%s'", backing_file); bdrv_unref(bs); goto out; } + size =3D backing_size; qemu_opt_set_number(opts, BLOCK_OPT_SIZE, size, &error_abo= rt); } bdrv_unref(bs); } } /* (backing_file && !(flags & BDRV_O_NO_BACKING)) */ =20 - if (size =3D=3D -1) { + if (size =3D=3D UINT64_MAX) { error_setg(errp, "Image creation needs a size parameter"); goto out; } --=20 2.7.5
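
Review bot: In the declarations hunk (@@ -4309), backing_size is added at function scope, but the only lines that use it are inside the "if (size == UINT64_MAX)" branch of the last hunk. Declaring it at the top of that branch would keep the signed temporary next to the bdrv_getlength() call it exists for and make it harder to reuse by accident elsewhere in the function.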
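
Review bot: In the hunk at @@ -4414, "size != UINT64_MAX" turns UINT64_MAX into an undocumented "no size given" marker for a variable that is now unsigned, so an explicit size of 18446744073709551615 cannot be told apart from an absent one. The same literal is compared three times across this patch; a comment at the declaration of size, or a named constant for the marker, would make the convention visible to the next reader, since the assignment that produces it is outside the lines shown here.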
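
Review bot: The last hunk (@@ -4426) leaves the final "if (size == UINT64_MAX)" check as the only validation of size, so any value above INT64_MAX still passes through, although the commit message notes that such sizes break later, e.g. in file-posix.c's raw_create(). Consider rejecting size > INT64_MAX at this point with error_setg(), so the failure is reported in bdrv_img_create() rather than in whichever driver sees the value first. The "size = backing_size" assignment itself is fine, because it is reached only after the "backing_size < 0" check.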