diff options
author | Eric Blake <eblake@redhat.com> | 2017-07-21 13:32:43 -0500 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2017-07-24 15:06:04 +0200 |
commit | 24bae02b197d152c2b3e4e0ba95f7942a63bad32 (patch) | |
tree | bc5cba4a8995278f196b073f45706abd9c2198f3 /block | |
parent | 6c98c57af3f4fab85bdf5f01616c91322bd4312a (diff) | |
download | qemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.zip qemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.tar.gz qemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.tar.bz2 |
qcow2: Fix sector calculation in qcow2_measure()
We used MAX() instead of the intended MIN() when computing how many
sectors to view in the current loop iteration of qcow2_measure(),
and passed in a value of INT_MAX sectors instead of our more usual
limit of BDRV_REQUEST_MAX_SECTORS (the latter avoids 32-bit overflow
on conversion to bytes). For small files, the bug is harmless:
bdrv_get_block_status_above() clamps its *pnum answer to the BDS
size, regardless of any insanely larger input request. However, for
any file at least 2T in size, we can very easily end up going into an
infinite loop (the maximum of 0x100000000 sectors and INT_MAX is a
64-bit quantity, which becomes 0 when assigned to int; once nb_sectors
is 0, we never make progress).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/qcow2.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/block/qcow2.c b/block/qcow2.c index d5790af..90efa44 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3669,8 +3669,8 @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, BlockDriverState *in_bs, for (sector_num = 0; sector_num < ssize / BDRV_SECTOR_SIZE; sector_num += pnum) { - int nb_sectors = MAX(ssize / BDRV_SECTOR_SIZE - sector_num, - INT_MAX); + int nb_sectors = MIN(ssize / BDRV_SECTOR_SIZE - sector_num, + BDRV_REQUEST_MAX_SECTORS); BlockDriverState *file; int64_t ret; |