On 02.03.2016 16:16, Jeff Cody wrote:
> The function qemu_strtoul() reads 'unsigned long' sized data,
> which is larger than uint32_t on 64-bit machines.
>
> Even though the snap_id field in the header is 32-bits, we must
> accomodate the full size in qemu_strtoul().
>
> Reported-by: Paolo Bonzini <pbonz...@redhat.com>
> Signed-off-by: Jeff Cody <jc...@redhat.com>
> ---
> block/sheepdog.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/block/sheepdog.c b/block/sheepdog.c
> index 8739acc..c6bf900 100644
> --- a/block/sheepdog.c
> +++ b/block/sheepdog.c
> @@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
> const char *name,
> Error **errp)
> {
> - uint32_t snap_id = 0;
> + unsigned long snap_id = 0;
> char snap_tag[SD_MAX_VDI_TAG_LEN];
> Error *local_err = NULL;
> int fd, ret;
> @@ -2565,12 +2565,12 @@ static int sd_snapshot_delete(BlockDriverState *bs,
> memset(buf, 0, sizeof(buf));
> memset(snap_tag, 0, sizeof(snap_tag));
> pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
> - if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) {
> + if (qemu_strtoul(snapshot_id, NULL, 10, &snap_id)) {
> return -1;
> }
>
> if (snap_id) {
> - hdr.snapid = snap_id;
> + hdr.snapid = (uint32_t) snap_id;
Maybe we should do an overflow check before?
Max
> } else {
> pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
> pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
>
signature.asc
Description: OpenPGP digital signature
