git.ipfire.org Git - thirdparty/qemu.git/commit

author	Max Reitz <mreitz@redhat.com>
	Thu, 10 Oct 2019 10:08:57 +0000 (12:08 +0200)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Mon, 4 Nov 2019 14:15:25 +0000 (08:15 -0600)
commit	9e51c5306cffe1a0904d1a31fcf454c436ce8a13
tree	a05bd12f8163c7672bcb73a0647b5c6a5bd2c04c	tree
parent	aae0faa5d3bee91c66dc4c1543190f55a242771e	commit \| diff

qcow2: Limit total allocation range to INT_MAX

When the COW areas are included, the size of an allocation can exceed
INT_MAX. This is kind of limited by handle_alloc() in that it already
caps avail_bytes at INT_MAX, but the number of clusters still reflects
the original length.

This can have all sorts of effects, ranging from the storage layer write
call failing to image corruption. (If there were no image corruption,
then I suppose there would be data loss because the .cow_end area is
forced to be empty, even though there might be something we need to
COW.)

Fix all of it by limiting nb_clusters so the equivalent number of bytes
will not exceed INT_MAX.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit d1b9d19f99586b33795e20a79f645186ccbc070f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>