From: Peter Xu Date: Fri, 20 Jul 2018 03:47:13 +0000 (+0800) Subject: migration: fix potential overflow in multifd send X-Git-Tag: v3.0.0-rc2~1^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fcefd44a074008e490ff54c3c28a08b8dbfb14b;p=thirdparty%2Fqemu.git migration: fix potential overflow in multifd send I would guess it won't happen normally, but this should ease Coverity. >>> CID 1394385: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "pages->used * 8192U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 854 transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len; Fixes: CID 1394385 CC: Juan Quintela Signed-off-by: Peter Xu Message-Id: <20180720034713.11711-1-peterx@redhat.com> Reviewed-by: Juan Quintela Signed-off-by: Dr. David Alan Gilbert --- diff --git a/migration/ram.c b/migration/ram.c index 52dd678092e..fdd108475c6 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -851,7 +851,7 @@ static void multifd_send_pages(void) p->pages->block = NULL; multifd_send_state->pages = p->pages; p->pages = pages; - transferred = pages->used * TARGET_PAGE_SIZE + p->packet_len; + transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len; ram_counters.multifd_bytes += transferred; ram_counters.transferred += transferred;; qemu_mutex_unlock(&p->mutex);