On Tue, May 17, 2022 at 3:33 PM Eric Blake <ebl...@redhat.com> wrote:
> ...now end up calling QEMU_IOVEC_INIT_BUF() which tries to do
> .local_iov.iov_len = bytes, which can silently overflow on 32-bit
> platforms where iov_len is size_t. We need to add a code guard that
> callers do not pass in too large of a buffer.

I see. blk_co_pread() and blk_co_pwrite() use assert(bytes <= SIZE_MAX). Would that be an appropriate safeguard here? Or should we return an error?

Alberto
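Added example, not part of the thread and not QEMU code: a minimal C illustration of the truncation described in the quoted message and of the two guards raised in the reply (assert versus returning an error). `size32_t`, `struct iov32` and the `iov32_init_*` functions are hypothetical stand-ins that model a 32-bit `size_t` so the effect is visible on any host, and `-EINVAL` is an assumed error code.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for struct iovec on a 32-bit host: iov_len is 32 bits wide.
 * Constructed type, so the truncation also shows up on 64-bit hosts. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

struct iov32 {
    void    *iov_base;
    size32_t iov_len;
};

/* Unguarded: models "iov_len = bytes" with a 64-bit byte count.
 * The conversion keeps only the low 32 bits and raises no diagnostic. */
static void iov32_init_unchecked(struct iov32 *iov, void *buf, int64_t bytes)
{
    iov->iov_base = buf;
    iov->iov_len = (size32_t)bytes;
}

/* Guard option 1: treat an oversized count as a caller bug and abort. */
static void iov32_init_assert(struct iov32 *iov, void *buf, int64_t bytes)
{
    assert(bytes >= 0 && (uint64_t)bytes <= SIZE32_MAX);
    iov32_init_unchecked(iov, buf, bytes);
}

/* Guard option 2: reject the request and let the caller handle it.
 * -EINVAL is an assumed choice of error code. */
static int iov32_init_checked(struct iov32 *iov, void *buf, int64_t bytes)
{
    if (bytes < 0 || (uint64_t)bytes > SIZE32_MAX) {
        return -EINVAL;
    }
    iov32_init_unchecked(iov, buf, bytes);
    return 0;
}
```

With the unguarded form, a request of 4 GiB + 512 bytes ends up described by an iovec of 512 bytes, so the length the I/O layer acts on no longer matches what the caller asked for.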