* [PATCH] e2image: fix overflow in l2 table processing
@ 2021-04-22  5:24 Artem Blagodarenko
  2021-05-07 22:49 ` Theodore Ts'o
  0 siblings, 1 reply; 2+ messages in thread
From: Artem Blagodarenko @ 2021-04-22  5:24 UTC (permalink / raw)
  To: linux-ext4
  Cc: adilger.kernel, Artem Blagodarenko, Alexey Lyashkov, Artem Blagodarenko

For a large partition during e2image capture process
it is possible to overflow offset at multiply operation.
This leads to the situation when data is written to the
position at the start of the image instead of the image end.

Let's use the right cast to avoid integer overflow.

Signed-off-by: Alexey Lyashkov <c17817@cray.com>
Signed-off-by: Artem Blagodarenko <c17828@cray.com>
HPE-bug-id: LUS-9368
---
 lib/ext2fs/qcow2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
index ee701f7a..20824170 100644
--- a/lib/ext2fs/qcow2.c
+++ b/lib/ext2fs/qcow2.c
@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
 			if (offset == 0)
 				continue;
 
-			off_out = (l1_index * img.l2_size) +
+			off_out = ((__u64)l1_index * img.l2_size) +
 				  l2_index;
 			off_out <<= img.cluster_bits;
 			ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,
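Review bot: the cast on the changed line widens the multiply, but the result is only preserved if off_out is itself a 64-bit type, and its declaration is outside this hunk. Please confirm that, and that qcow2_copy_data() takes the offset without narrowing it, since the following `off_out <<= img.cluster_bits` grows the value further and is not range-checked. The addition of l2_index now happens in 64 bits as well, which is correct, so a short comment on the line saying why the cast is there would keep a later cleanup from dropping it. The commit message would also be easier to act on if it stated the image size at which the wrap starts.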
-- 
2.18.4
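
The wrap-around described in the commit message, as an added example that is not part of the patch or of e2fsprogs. It assumes both operands of the multiply are 32-bit unsigned values; the function names and the geometry (4 KiB clusters, 512 entries per L2 table) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch shape: the product is formed in 32 bits and wraps before it is
 * widened. Assumption: l1_index and l2_size are 32-bit unsigned. */
static uint64_t off_out_narrow(uint32_t l1_index, uint32_t l2_size,
                               uint32_t l2_index, unsigned cluster_bits)
{
    uint64_t off_out = (l1_index * l2_size) + l2_index;
    return off_out << cluster_bits;
}

/* Post-patch shape: one operand is widened first, so the multiply and the
 * addition are both carried out in 64 bits. */
static uint64_t off_out_wide(uint32_t l1_index, uint32_t l2_size,
                             uint32_t l2_index, unsigned cluster_bits)
{
    uint64_t off_out = ((uint64_t)l1_index * l2_size) + l2_index;
    return off_out << cluster_bits;
}

/* Smallest l1_index whose product with l2_size no longer fits in 32 bits. */
static uint64_t first_wrapping_l1_index(uint32_t l2_size)
{
    const uint64_t limit = (uint64_t)1 << 32;
    return (limit + l2_size - 1) / l2_size;
}

int main(void)
{
    /* Constructed geometry: 4 KiB clusters, 8-byte L2 entries. */
    const unsigned cluster_bits = 12;
    const uint32_t l2_size = 1u << (cluster_bits - 3);
    const uint32_t l1 = (uint32_t)first_wrapping_l1_index(l2_size);

    printf("first wrapping l1_index: %u\n", l1);
    printf("narrow offset: %llu\n",
           (unsigned long long)off_out_narrow(l1, l2_size, 5, cluster_bits));
    printf("wide offset:   %llu\n",
           (unsigned long long)off_out_wide(l1, l2_size, 5, cluster_bits));
    return 0;
}
```

With this geometry the narrow form places the cluster 20 KiB into the image, while the wide form places it just past the 16 TiB mark.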



* Re: [PATCH] e2image: fix overflow in l2 table processing
  2021-04-22  5:24 [PATCH] e2image: fix overflow in l2 table processing Artem Blagodarenko
@ 2021-05-07 22:49 ` Theodore Ts'o
  0 siblings, 0 replies; 2+ messages in thread
From: Theodore Ts'o @ 2021-05-07 22:49 UTC (permalink / raw)
  To: Artem Blagodarenko
  Cc: linux-ext4, adilger.kernel, Alexey Lyashkov, Artem Blagodarenko

On Thu, Apr 22, 2021 at 01:24:48AM -0400, Artem Blagodarenko wrote:
> For a large partition during e2image capture process
> it is possible to overflow offset at multiply operation.
> This leads to the situation when data is written to the
> position at the start of the image instead of the image end.
> 
> Let's use the right cast to avoid integer overflow.
> 
> Signed-off-by: Alexey Lyashkov <c17817@cray.com>
> Signed-off-by: Artem Blagodarenko <c17828@cray.com>
> HPE-bug-id: LUS-9368

Thanks, applied.

					- Ted
