On 1/16/19 2:23 AM, Vladimir Sementsov-Ogievskiy wrote:
>
> Interesting, decided to search a bit, about don't we have an overflow,
> when adding request.offset to exp.dev_offset and found in
> nbd_co_receive_request:
>
> if (request->from > client->exp->size ||
> request->from + request->len > client->exp->size) {
uint64_t + uint32_t > uint64_t
>
> shouldn't it be
>
> if (request->from > client->exp->size ||
> request->len > client->exp->size - request->from) {
>
> to avoid overflow?
You are correct that the canonical way to check for overflow is to
compare against subtraction, rather than do addition before compare.
But we got lucky: even though client->exp->size is uint64_t, in practice
it can only represent at most off_t (remember, off_t is signed), so the
first leg of the branch proves that request->from fits in 63 bits, and
thus the second is performing 63-bit + 32-bit which can be at most 64
bits, and therefore does not overflow. Still, I might rewrite it.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
