« Previous | Next » 

Revision 33304ec9

ID33304ec9fa484e765c6249673e09e1b7d49c5b85

Added by Hu Tao about 10 years ago

qcow2: fix offset overflow in qcow2_alloc_clusters_at()

When cluster size is big enough it can lead to an offset overflow
in qcow2_alloc_clusters_at(). This patch fixes it.

The allocation is stopped each time at L2 table boundary
(see handle_alloc()), so the possible maximum bytes could be

2^(cluster_bits - 3 + cluster_bits)

cluster_bits - 3 is used to compute the number of entry by L2
and the additional cluster_bits is to take into account each
clusters referenced by the L2 entries.

so int is safe for cluster_bits<=17, unsafe otherwise.

Signed-off-by: Hu Tao <>
Reviewed-by: Max Reitz <>
Reviewed-by: Benoit Canet <>
Signed-off-by: Kevin Wolf <>

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences