diff options
| author | Max Reitz <mreitz@redhat.com> | 2017-11-14 19:41:27 +0100 |
|---|---|---|
| committer | Max Reitz <mreitz@redhat.com> | 2017-11-17 18:21:31 +0100 |
| commit | 08546bcfb260c28141e27cf3367c443528602fc0 (patch) | |
| tree | f3279d9709f81852b0fabe176b18e7ee708b0ceb /qapi/qapi-clone-visitor.c | |
| parent | 4efb1f7c612ff35badc8f8cbda78ac891fabf20a (diff) | |
| download | focaccia-qemu-08546bcfb260c28141e27cf3367c443528602fc0.tar.gz focaccia-qemu-08546bcfb260c28141e27cf3367c443528602fc0.zip | |
qcow2: Fix overly broad madvise()
@mem_size and @offset are both size_t, thus subtracting them from one another will just return a big size_t if mem_size < offset -- even more obvious here because the result is stored in another size_t. Checking that result to be positive is therefore not sufficient to exclude the case that offset > mem_size. Thus, we currently sometimes issue an madvise() over a very large address range. This is triggered by iotest 163, but with -m64, this does not result in tangible problems. But with -m32, this test produces three segfaults, all of which are fixed by this patch. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20171114184127.24238-1-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'qapi/qapi-clone-visitor.c')
0 files changed, 0 insertions, 0 deletions