On 2014-11-11 at 01:29, Eric Blake wrote:
On 11/10/2014 06:45 AM, Max Reitz wrote:
Add helper functions for getting and setting refcounts in a refcount
array for any possible refcount order, and choose the correct one during
refcount initialization.
Signed-off-by: Max Reitz <mre...@redhat.com>
---
block/qcow2-refcount.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 141 insertions(+), 2 deletions(-)
+
+static uint64_t get_refcount_ro6(const void *refcount_array, uint64_t index)
+{
+ return be64_to_cpu(((const uint64_t *)refcount_array)[index]);
+}
Should this return int64_t and error out if the user ever exceeded 2**63
via image fuzzing?
I don't know. It's nice that these helper functions cannot return an
error and thus we don't have to check for a error. I think checking that
the value didn't overflow in qcow2_get_refcount() should be sufficient
and relieves the other callers (mainly the image check for its in-memory
refcount table/array) which know that the value cannot overflow from
error checking.
Although I did forget an overflow check after the call to get_refcount()
in update_refcount_discard().
+
+static void set_refcount_ro6(void *refcount_array, uint64_t index,
+ uint64_t value)
+{
+ ((uint64_t *)refcount_array)[index] = cpu_to_be64(value);
+}
Should this assert that value <= INT64_MAX, since that's what the rest
of the code caps it to?
Yes, that it should most certainly do.
Max
