From 85429611389df4beca593a2f2c49fde7bb26b2d4 Mon Sep 17 00:00:00 2001
From: Kevin Wolf
Date: Wed, 26 Mar 2014 13:05:51 +0100
Subject: [PATCH] qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
In order to avoid integer overflows.
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit bb572aefbdac290363bfa5ca0e810ccce0a14ed6)
Conflicts: block/qcow2.h
---
 block/qcow2-refcount.c | 11 ++++++-----
 block/qcow2.h | 6 +++---
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 3cdcfb6..d424c22 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -26,7 +26,7 @@
 #include "block/block_int.h"
 #include "block/qcow2.h"
-static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size);
+static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size);
 static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, int64_t offset, int64_t length, int addend, enum qcow2_discard_type type);
@@ -632,15 +632,16 @@ static int update_cluster_refcount(BlockDriverState *bs,
 /* return < 0 if error */
-static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size)
+static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size)
 {
 BDRVQcowState *s = bs->opaque;
- int i, nb_clusters, refcount;
+ uint64_t i, nb_clusters;
+ int refcount;
 nb_clusters = size_to_clusters(s, size);
 retry:
 for(i = 0; i < nb_clusters; i++) {
- int64_t next_cluster_index = s->free_cluster_index++;
+ uint64_t next_cluster_index = s->free_cluster_index++;
 refcount = get_refcount(bs, next_cluster_index);
 if (refcount < 0) {
@@ -657,7 +658,7 @@ retry:
 return (s->free_cluster_index - nb_clusters) << s->cluster_bits;
 }
-int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size)
+int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size)
 {
 int64_t offset;
 int ret;
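Review bot: The return statement of alloc_clusters_noref (visible as context at the top of the following hunk) now shifts a `uint64_t` and converts the result to the `int64_t` return type, so once `s->free_cluster_index` exceeds `INT64_MAX >> s->cluster_bits` the offset comes back negative and a caller relying on the `return < 0 if error` convention would treat it as an errno. The loop in this hunk increments `s->free_cluster_index` without an upper bound, and the refcounts it skips over presumably come from the image file, so a corrupt or hostile image could plausibly push the index that far. A range check before the return would keep the two cases apart, for example `if (s->free_cluster_index > 0 && s->free_cluster_index - 1 > (INT64_MAX >> s->cluster_bits)) { return -EFBIG; }`. The function body continues past the end of this hunk.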
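Review bot: With `size` now `uint64_t` in qcow2_alloc_clusters, a caller that still holds the length in a signed variable converts implicitly, and a negative value (for instance an unchecked error return) becomes a request close to 2^64 bytes instead of something the callee can reject. How `size_to_clusters()` rounds such a value is not visible here; if it adds the cluster size before shifting, the sum may wrap to a small cluster count, so this is worth confirming. I would state the contract above the definition, e.g. `/* size is a byte count; callers must not pass a negative or error value */`, and consider rejecting sizes above `INT64_MAX` on entry. The same applies to the prototype in block/qcow2.h, and the body of qcow2_alloc_clusters continues outside the hunk.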
diff --git a/block/qcow2.h b/block/qcow2.h
index e802c55..baf62a0 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -210,8 +210,8 @@ typedef struct BDRVQcowState {
 uint64_t *refcount_table;
 uint64_t refcount_table_offset;
 uint32_t refcount_table_size;
- int64_t free_cluster_index;
- int64_t free_byte_offset;
+ uint64_t free_cluster_index;
+ uint64_t free_byte_offset;
 CoMutex lock;
@@ -408,7 +408,7 @@ int qcow2_update_header(BlockDriverState *bs);
 int qcow2_refcount_init(BlockDriverState *bs);
 void qcow2_refcount_close(BlockDriverState *bs);
-int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size);
+int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size);
 int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, int nb_clusters);
 int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size);
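Review bot: The two neighbouring prototypes in the second block/qcow2.h hunk keep narrow signed parameters, `int nb_clusters` in qcow2_alloc_clusters_at and `int size` in qcow2_alloc_bytes, so the widening done here stops at the function boundary for those allocators. If their callers derive the count from 64-bit image fields, truncation to `int` would happen before any check inside the callee can see it; the call sites are not part of this diff, so this needs confirming. Either widen them in a follow-up or state the bound next to the declaration, e.g. `/* nb_clusters must fit in int; callers validate before calling */`.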