conf: Catch memory size overflow earlier

virDomainParseMemory parses the size and then rounds up while converting
it to kibibytes. Since the number is limit-checked before the rounding
it's possible to use a number that would be correctly parsed the first
time, but not the second time. For numbers not limited to 32 bit systems
the magic is 9223372036854775807 bytes. That number then can't be parsed
back in kibibytes.

To solve the issue add a second overflow check for the few values that
would cause the problem. Since virDomainParseMemory is used in config
parsing, this avoids vanishing VMs.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221504

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d49d70f866fc00481ae972dd92b8c825350c064a..b3cef0d502f9dd9a1ac53ab6bde60a9d87592341 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7238,6 +7238,13 @@ virDomainParseMemory(const char *xpath,
 
     /* Yes, we really do use kibibytes for our internal sizing.  */
     *mem = VIR_DIV_UP(bytes, 1024);
+
+    if (*mem >= VIR_DIV_UP(max, 1024)) {
+        virReportError(VIR_ERR_OVERFLOW, "%s", _("size value too large"));
+        ret = -1;
+        goto cleanup;
+    }
+
     ret = 0;
  cleanup:
     return ret;