util: Data overrun may lead to divide by zero

Commit 87a8a30d6 added the function based on the virsh function,
but used an unsigned long long instead of a double and thus that
limits the maximum result.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/util/virutil.c b/src/util/virutil.c
index b5b949ab2200aea317e0e3caed07972e41c54f89..c0783ecb285bd5b8142e0d0f695415bf9bb2dc02 100644 (file)
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -491,6 +491,10 @@ virFormatIntDecimal(char *buf, size_t buflen, int val)
  *
  * Similar to vshPrettyCapacity, but operates on integers and not doubles
  *
+ * NB: Since using unsigned long long, we are limited to at most a "PiB"
+ *     to make pretty. This is because a PiB is 1152921504606846976 bytes,
+ *     but that value * 1024 > ULLONG_MAX value 18446744073709551615 bytes.
+ *
  * Returns shortened value that can be used with @unit.
  */
 unsigned long long
@@ -524,12 +528,7 @@ virFormatIntPretty(unsigned long long val,
         return val / (limit / 1024);
     }
     limit *= 1024;
-    if (val % limit) {
-        *unit = "PiB";
-        return val / (limit / 1024);
-    }
-    limit *= 1024;
-    *unit = "EiB";
+    *unit = "PiB";
     return val / (limit / 1024);
 }