aboutsummaryrefslogtreecommitdiff
path: root/block
diff options
context:
space:
mode:
authorEric Blake <eblake@redhat.com>2017-07-21 13:32:43 -0500
committerKevin Wolf <kwolf@redhat.com>2017-07-24 15:06:04 +0200
commit24bae02b197d152c2b3e4e0ba95f7942a63bad32 (patch)
treebc5cba4a8995278f196b073f45706abd9c2198f3 /block
parent6c98c57af3f4fab85bdf5f01616c91322bd4312a (diff)
downloadqemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.zip
qemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.tar.gz
qemu-24bae02b197d152c2b3e4e0ba95f7942a63bad32.tar.bz2
qcow2: Fix sector calculation in qcow2_measure()
We used MAX() instead of the intended MIN() when computing how many sectors to view in the current loop iteration of qcow2_measure(), and passed in a value of INT_MAX sectors instead of our more usual limit of BDRV_REQUEST_MAX_SECTORS (the latter avoids 32-bit overflow on conversion to bytes). For small files, the bug is harmless: bdrv_get_block_status_above() clamps its *pnum answer to the BDS size, regardless of any insanely larger input request. However, for any file at least 2T in size, we can very easily end up going into an infinite loop (the maximum of 0x100000000 sectors and INT_MAX is a 64-bit quantity, which becomes 0 when assigned to int; once nb_sectors is 0, we never make progress). Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/qcow2.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/block/qcow2.c b/block/qcow2.c
index d5790af..90efa44 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3669,8 +3669,8 @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, BlockDriverState *in_bs,
for (sector_num = 0;
sector_num < ssize / BDRV_SECTOR_SIZE;
sector_num += pnum) {
- int nb_sectors = MAX(ssize / BDRV_SECTOR_SIZE - sector_num,
- INT_MAX);
+ int nb_sectors = MIN(ssize / BDRV_SECTOR_SIZE - sector_num,
+ BDRV_REQUEST_MAX_SECTORS);
BlockDriverState *file;
int64_t ret;