e2image: fix overflow in l2 table processing

For a large partition during e2image capture process
it is possible to overflow offset at multiply operation.
This leads to the situation when data is written to the
position at the start of the image instead of the image end.

Let's use the right cast to avoid integer overflow.

Signed-off-by: Alexey Lyashkov <c17817@cray.com>
Signed-off-by: Artem Blagodarenko <c17828@cray.com>
HPE-bug-id: LUS-9368
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
index ee701f7a38af0c14ff45c7efe61c07e5f3b57dce..208241707736e4e181b75450a99ca6c6d9d4fd4f 100644 (file)
--- a/lib/ext2fs/qcow2.c
+++ b/lib/ext2fs/qcow2.c
@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
                        if (offset == 0)
                                continue;
 
-                       off_out = (l1_index * img.l2_size) +
+                       off_out = ((__u64)l1_index * img.l2_size) +
                                  l2_index;
                        off_out <<= img.cluster_bits;
                        ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,