
On 06/07/2011 07:34 AM, Matthias Bolte wrote:
2011/6/6 Eric Blake <eblake@redhat.com>:
Detected by Coverity. The code was doing math on shifted unsigned char (which promotes to int), then promoting that to unsigned long during assignment to size. On 64-bit platforms, this risks sign extending values of size > 2GiB. Bug present since commit 489fd3 (v0.6.0).
+#include <stdint.h> #ifdef __linux__ # if HAVE_LINUX_MAGIC_H # include <linux/magic.h> @@ -274,7 +275,7 @@ qcowXGetBackingStore(char **res, bool isQCow2) { unsigned long long offset; - unsigned long size; + uint32_t size;
*res = NULL; if (format)
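Review bot: At `uint32_t size;`, narrowing the destination removes the widening step, but the shifted-byte arithmetic the commit message describes still evaluates as int before it is stored. Casting the high byte to an unsigned type before the shift, at the assignment to `size`, would make the result independent of the declared width of `size` and would keep the bug from returning if the type is widened again later.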
Using unsigned int instead of uint32_t would also work and avoid stdint.h types that the libvirt codebase avoids.
Sure, I'll push with that tweak.

--
Eric Blake   eblake@redhat.com   +1-801-349-2682
Libvirt virtualization library http://libvirt.org
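The sign extension described in the commit message, as an added C example that is not part of the thread or of libvirt's code. The byte-combining expression, the function names, the `size_fits` check and the sample header bytes are assumptions made for illustration, and the conversion to `int` assumes the usual two's-complement behaviour of gcc and clang.

```c
#include <stdio.h>

/* Constructed sample: a big-endian 32-bit size field of 0x80000000 (2 GiB). */
static const unsigned char sample_hdr[4] = { 0x80, 0x00, 0x00, 0x00 };

/* Models the pattern the commit message describes: the bytes are combined
 * at int width, then the int result is widened to unsigned long.
 * The cast to int stands in for the integer promotion of unsigned char;
 * combining in unsigned first keeps this demo free of signed-shift overflow. */
static unsigned long size_via_int(const unsigned char *b)
{
    int v = (int)(((unsigned int)b[0] << 24) | ((unsigned int)b[1] << 16) |
                  ((unsigned int)b[2] << 8)  |  (unsigned int)b[3]);
    return (unsigned long)v;   /* sign-extends when long is 64 bits wide */
}

/* Same bytes kept in unsigned int, the type suggested in the thread. */
static unsigned long size_via_unsigned(const unsigned char *b)
{
    unsigned int v = ((unsigned int)b[0] << 24) | ((unsigned int)b[1] << 16) |
                     ((unsigned int)b[2] << 8)  |  (unsigned int)b[3];
    return v;                  /* zero-extends */
}

/* Hypothetical bounds check of the kind a parser applies to a decoded size. */
static int size_fits(unsigned long size, unsigned long limit)
{
    return size <= limit;
}

int main(void)
{
    unsigned long bad = size_via_int(sample_hdr);
    unsigned long good = size_via_unsigned(sample_hdr);

    printf("via int:      0x%lx\n", bad);
    printf("via unsigned: 0x%lx\n", good);
    printf("fits 4 GiB limit? int path=%d unsigned path=%d\n",
           size_fits(bad, 0xFFFFFFFFUL), size_fits(good, 0xFFFFFFFFUL));
    return 0;
}
```

On a platform with a 32-bit `unsigned long` both paths return the same value, which is why the commit message limits the problem to 64-bit platforms.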