From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Peter Lieven, qemu-stable@nongnu.org
Date: Mon, 23 Jul 2018 15:17:47 -0500
Subject: [Qemu-devel] [PATCH 98/99] qemu-img: avoid overflow of min_sparse parameter
Message-Id: <20180723201748.25573-99-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>

From: Peter Lieven

the min_sparse convert parameter can overflow (e.g. -S 1024G) in the conversion from int64_t to int resulting in a negative min_sparse parameter. Avoid this by limiting the valid parameters to sane values. In fact anything exceeding the convert buffer size is also pointless.

While at it also forbid values that are non multiple of 512 to avoid undesired behaviour. For instance, values between 1 and 511 were legal, but resulted in full allocation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven
Signed-off-by: Kevin Wolf
(cherry picked from commit 6360ab278cc1ac3e1235e0755e4cba1f918e6f3c)
Signed-off-by: Michael Roth
---
 qemu-img.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c index a8e2b53dc6..1a055b4424 100644 --- a/qemu-img.c +++ b/qemu-img.c
@@ -1912,6 +1912,8 @@ static int convert_do_copy(ImgConvertState *s) return s->ret; } =20 +#define MAX_BUF_SECTORS 32768 + static int img_convert(int argc, char **argv) { int c, bs_i, flags, src_flags =3D 0; @@ -2008,8 +2010,12 @@ static int img_convert(int argc, char **argv) int64_t sval; =20 sval =3D cvtnum(optarg); - if (sval < 0) { - error_report("Invalid minimum zero buffer size for sparse = output specified"); + if (sval < 0 || sval & (BDRV_SECTOR_SIZE - 1) || + sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) { + error_report("Invalid buffer size for sparse output specif= ied. " + "Valid sizes are multiples of %llu up to %llu. Select " + "0 to disable sparse detection (fully allocates output= ).", + BDRV_SECTOR_SIZE, MAX_BUF_SECTORS * BDRV_SECTOR_SIZE); goto fail_getopt; } =20 @@ -2297,9 +2303,9 @@ static int img_convert(int argc, char **argv) } =20 /* increase bufsectors from the default 4096 (2M) if opt_transfer - * or discard_alignment of the out_bs is greater. Limit to 32768 (16MB) - * as maximum. */ - s.buf_sectors =3D MIN(32768, + * or discard_alignment of the out_bs is greater. Limit to + * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */ + s.buf_sectors =3D MIN(MAX_BUF_SECTORS, MAX(s.buf_sectors, MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BIT= S, out_bs->bl.pdiscard_alignment >> --=20 2.17.1
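Review bot: in the -S option hunk (@@ -2008), the error_report() call feeds BDRV_SECTOR_SIZE and MAX_BUF_SECTORS * BDRV_SECTOR_SIZE to %llu, but MAX_BUF_SECTORS is a plain int constant (32768) and the type of both arguments depends on how BDRV_SECTOR_SIZE is defined, which this patch does not show. Cast both arguments to unsigned long long (or use a fixed-width type with its PRI macro) so the varargs call stays correct if either definition changes. The new condition also relies on sval < 0 being tested first, before the mask and the division against BDRV_SECTOR_SIZE; a one-line comment saying so, and that the upper bound is what keeps the later int64_t to int narrowing of min_sparse in range, would stop a future reorder from reintroducing the problem the commit message describes.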
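Review bot: in the buf_sectors hunk (@@ -2297), the rewritten comment still spells out "currently 32768 (16MB)", so the limit is now recorded both here and in the MAX_BUF_SECTORS define added in the first hunk, and the two can drift apart. Document the unit and size once on the #define (sectors of BDRV_SECTOR_SIZE, 16MB) and have this comment refer only to MAX_BUF_SECTORS, noting there that the same constant bounds the -S argument.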