From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Date: Mon, 23 Jul 2018 18:45:26 +0200
Message-Id: <20180723164530.26599-4-kwolf@redhat.com>
In-Reply-To: <20180723164530.26599-1-kwolf@redhat.com>
References: <20180723164530.26599-1-kwolf@redhat.com>
Subject: [Qemu-devel] [PULL 3/7] qemu-img: avoid overflow of min_sparse parameter
Content-Transfer-Encoding: quoted-printable

From: Peter Lieven

the min_sparse convert parameter can overflow (e.g. -S 1024G)
in the conversion from int64_t to int resulting in a negative
min_sparse parameter. Avoid this by limiting the valid parameters
to sane values. In fact anything exceeding the convert buffer size
is also pointless. While at it also forbid values that are non
multiple of 512 to avoid undesired behaviour. For instance, values
between 1 and 511 were legal, but resulted in full allocation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven
Signed-off-by: Kevin Wolf
---
 qemu-img.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c index 4a7ce43dc9..9b7506b8ae 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2005,6 +2005,8 @@ static int convert_do_copy(ImgConvertState *s) return s->ret; } =20 +#define MAX_BUF_SECTORS 32768 + static int img_convert(int argc, char **argv) { int c, bs_i, flags, src_flags =3D 0; @@ -2100,8 +2102,12 @@ static int img_convert(int argc, char **argv) int64_t sval; =20 sval =3D cvtnum(optarg); - if (sval < 0) { - error_report("Invalid minimum zero buffer size for sparse = output specified"); + if (sval < 0 || sval & (BDRV_SECTOR_SIZE - 1) || + sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) { + error_report("Invalid buffer size for sparse output specif= ied. " + "Valid sizes are multiples of %llu up to %llu. Select " + "0 to disable sparse detection (fully allocates output= ).", + BDRV_SECTOR_SIZE, MAX_BUF_SECTORS * BDRV_SECTOR_SIZE); goto fail_getopt; } =20 @@ -2385,9 +2391,9 @@ static int img_convert(int argc, char **argv) } =20 /* increase bufsectors from the default 4096 (2M) if opt_transfer - * or discard_alignment of the out_bs is greater. Limit to 32768 (16MB) - * as maximum. */ - s.buf_sectors =3D MIN(32768, + * or discard_alignment of the out_bs is greater. Limit to + * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */ + s.buf_sectors =3D MIN(MAX_BUF_SECTORS, MAX(s.buf_sectors, MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BIT= S, out_bs->bl.pdiscard_alignment >> --=20 2.13.6
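
Review bot: the new `#define MAX_BUF_SECTORS 32768` in the first hunk, just above img_convert(), has no comment stating its unit or purpose. The only explanation (sectors, 16MB) lives in the buf_sectors comment of the last hunk, which now repeats the literal 32768 and will go stale if the macro is changed. Suggest documenting the macro at its definition as the upper bound of the convert buffer in 512-byte sectors and dropping the number from the later comment.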
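
Review bot: in the error_report() call of the second hunk, both arguments are printed with %llu, but MAX_BUF_SECTORS is a plain int constant, so the type of `MAX_BUF_SECTORS * BDRV_SECTOR_SIZE` depends entirely on how BDRV_SECTOR_SIZE is defined, which this patch does not show. If that macro is not unsigned long long on every build, the variadic call gets mismatched argument types; an explicit cast on both arguments would make the message independent of the definition. The condition itself is ordered safely: `sval < 0` short-circuits before the mask and the division are evaluated on a negative value.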
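
Review bot: in the last hunk, s.buf_sectors is computed as MIN(MAX_BUF_SECTORS, MAX(s.buf_sectors, ...)) starting from the default 4096 named in the comment, so the effective buffer can be smaller than MAX_BUF_SECTORS, while the -S check in the previous hunk accepts anything up to MAX_BUF_SECTORS. The commit message calls values exceeding the convert buffer size pointless, yet -S values between the effective buf_sectors and MAX_BUF_SECTORS still pass validation. Consider clamping min_sparse to s.buf_sectors once it is known, or stating in the comment that the option is validated only against the upper bound.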