On Tue, May 17, 2022 at 03:48:59PM +0100, Alberto Faria wrote:
> On Tue, May 17, 2022 at 3:33 PM Eric Blake <ebl...@redhat.com> wrote:
> > ...now end up calling QEMU_IOVEC_INIT_BUF() which tries to do
> > .local_iov.iov_len = bytes, which can silently overflow on 32-bit
> > platforms where iov_len is size_t. We need to add a code guard that
> > callers do not pass in too large of a buffer.
>
> I see. blk_co_pread() and blk_co_pwrite() use assert(bytes <=
> SIZE_MAX). Would that be an appropriate safeguard here? Or should we
> return an error?

I'd be okay with the assert.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
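
Added example, not part of the thread and not QEMU code: a sketch of the narrowing discussed above, with the error-returning form of the guard next to the unguarded assignment. The names size32_t, struct iovec32, iov_init_unchecked and iov_init_checked are hypothetical, size32_t stands in for size_t on a 32-bit host, and -EINVAL is an assumed error code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on a 32-bit host (assumption: lets the
 * truncation reproduce on 64-bit build machines as well). */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Hypothetical miniature of struct iovec with a 32-bit length field. */
struct iovec32 {
    void *iov_base;
    size32_t iov_len;
};

/* Unguarded: the int64_t byte count is narrowed on assignment. */
static size32_t iov_init_unchecked(struct iovec32 *iov, void *buf, int64_t bytes)
{
    iov->iov_base = buf;
    iov->iov_len = (size32_t)bytes;   /* keeps only the low 32 bits */
    return iov->iov_len;
}

/* Guarded, error-returning variant: reject counts that do not fit.
 * The assert form from the thread would sit at the same point. */
static int iov_init_checked(struct iovec32 *iov, void *buf, int64_t bytes)
{
    if (bytes < 0 || (uint64_t)bytes > SIZE32_MAX) {
        return -EINVAL;               /* assumed error code */
    }
    iov->iov_base = buf;
    iov->iov_len = (size32_t)bytes;
    return 0;
}

int main(void)
{
    struct iovec32 iov;
    char buf[16];
    int64_t bytes = ((int64_t)1 << 32) + 512;   /* constructed: 4 GiB + 512 */

    printf("unchecked iov_len = %u\n",
           (unsigned)iov_init_unchecked(&iov, buf, bytes));
    printf("checked rc = %d\n", iov_init_checked(&iov, buf, bytes));
    return 0;
}
```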