hw/block: fix uint32 overflow

The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow uint32. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Frolov <frolov@swemel.ru> Message-id: 20240917080356.270576-2-frolov@swemel.ru Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
author: Dmitry Frolov <frolov@swemel.ru> 2024-09-17 11:03:18 +0300
committer: Stefan Hajnoczi <stefanha@redhat.com> 2024-09-17 12:12:30 +0200
commit: 89cd6254b80784a1b3f574407192493ef92fe65f (patch)
tree: f685377d7c644a506ed35caa56080221752b34b9 /hw
parent: ea9cdbcf3a0b8d5497cddf87990f1b39d8f3bb0a (diff)
download: qemu-89cd6254b80784a1b3f574407192493ef92fe65f.zip
qemu-89cd6254b80784a1b3f574407192493ef92fe65f.tar.gz
qemu-89cd6254b80784a1b3f574407192493ef92fe65f.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 73bdfd6..1157953 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -700,7 +700,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, BlockZoneOp op)
     } else {
         if (bs->bl.zone_size > capacity - offset) {
             /* The zoned device allows the last smaller zone. */
-            len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1);
+            len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull);
         } else {
             len = bs->bl.zone_size;
         }
author	Dmitry Frolov <frolov@swemel.ru>	2024-09-17 11:03:18 +0300
committer	Stefan Hajnoczi <stefanha@redhat.com>	2024-09-17 12:12:30 +0200
commit	89cd6254b80784a1b3f574407192493ef92fe65f (patch)
tree	f685377d7c644a506ed35caa56080221752b34b9 /hw
parent	ea9cdbcf3a0b8d5497cddf87990f1b39d8f3bb0a (diff)
download	qemu-89cd6254b80784a1b3f574407192493ef92fe65f.zip qemu-89cd6254b80784a1b3f574407192493ef92fe65f.tar.gz qemu-89cd6254b80784a1b3f574407192493ef92fe65f.tar.bz2