From: Tuguoyi
To: "kwolf@redhat.com", "mreitz@redhat.com", "qemu-block@nongnu.org"
Cc: Gaoliang, Chengchiwen, "qemu-devel@nongnu.org", Wangyong
Subject: [PATCH] qcow2-cluster: Fix integer left shift error in qcow2_alloc_cluster_link_l2()
Date: Wed, 5 Aug 2020 09:22:58 +0000
Message-ID: <81ba90fe0c014f269621c283269b42ad@h3c.com>

When calculating the offset, the result of the left shift operation will be
promoted to type int64 automatically because the left operand of the + operator
is uint64_t, but the result after integer promotion may produce an error value
for us and trigger the following assertion error.

For example, consider i=0x2000, cluster_bits=18: the result of the left shift
operation will be 0x80000000. Because argument i is of signed integer type, the
result is automatically promoted to 0xffffffff80000000, which is not what we
expected.

The way to trigger the assertion error:
  qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G

This patch fixes it by casting @i to uint64_t before doing the left shift
operation.

Signed-off-by: Guoyi Tu
Reviewed-by: Alberto Garcia
Reviewed-by: Eric Blake
Reviewed-by: Kevin Wolf
--- block/qcow2-cluster.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index a677ba9..550850b 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -980,7 +980,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, Q= CowL2Meta *m) =20 assert(l2_index + m->nb_clusters <=3D s->l2_slice_size); for (i =3D 0; i < m->nb_clusters; i++) { - uint64_t offset =3D cluster_offset + (i << s->cluster_bits); + uint64_t offset =3D cluster_offset + ((uint64_t)i << s->cluster_bi= ts); /* if two concurrent writes happen to the same unallocated cluster * each write allocates separate cluster and writes data concurren= tly. * The first one to complete updates l2 table with pointer to its --=20 2.7.4 -- Best regards, Guoyi
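
Review bot: the cast in the `offset` computation fixes this one expression, but the loop counter `i` stays a signed int (per the commit message), so any other use of `i << s->cluster_bits` in the loop body, or the same pattern elsewhere in block/qcow2-cluster.c, would still shift in 32-bit signed arithmetic. Shifting a signed int so that the result no longer fits in int is undefined behaviour in C, not just a sign-extension surprise, so it is worth checking the remaining shifts by `cluster_bits` for int operands or widening the counter's type instead of casting at the point of use. The diffstat shows only block/qcow2-cluster.c changed: the reproducer from the commit message (preallocation=full, cluster_size=256k, 10G) would make a good qemu-iotests regression case to go with the fix.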