|
 |
f239de |
From 1a97380b1cc4d167697e31e5fb663e805629c1ab Mon Sep 17 00:00:00 2001
|
|
|
f239de |
From: Artem Blagodarenko <artem.blagodarenko@gmail.com>
|
|
|
f239de |
Date: Thu, 22 Apr 2021 01:24:48 -0400
|
|
|
f239de |
Subject: [PATCH 25/46] e2image: fix overflow in l2 table processing
|
|
|
f239de |
Content-Type: text/plain
|
|
|
f239de |
|
|
|
f239de |
For a large partition during e2image capture process
|
|
|
f239de |
it is possible to overflow offset at multiply operation.
|
|
|
f239de |
This leads to the situation when data is written to the
|
|
|
f239de |
position at the start of the image instead of the image end.
|
|
|
f239de |
|
|
|
f239de |
Let's use the right cast to avoid integer overflow.
|
|
|
f239de |
|
|
|
f239de |
Signed-off-by: Alexey Lyashkov <c17817@cray.com>
|
|
|
f239de |
Signed-off-by: Artem Blagodarenko <c17828@cray.com>
|
|
|
f239de |
HPE-bug-id: LUS-9368
|
|
|
f239de |
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
f239de |
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
|
|
|
f239de |
---
|
|
|
f239de |
lib/ext2fs/qcow2.c | 2 +-
|
|
|
f239de |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
f239de |
|
|
|
f239de |
diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
|
|
|
f239de |
index ee701f7a..20824170 100644
|
|
|
f239de |
--- a/lib/ext2fs/qcow2.c
|
|
|
f239de |
+++ b/lib/ext2fs/qcow2.c
|
|
|
f239de |
@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
|
|
|
f239de |
if (offset == 0)
|
|
|
f239de |
continue;
|
|
|
f239de |
|
|
|
f239de |
- off_out = (l1_index * img.l2_size) +
|
|
|
f239de |
+ off_out = ((__u64)l1_index * img.l2_size) +
|
|
|
f239de |
l2_index;
|
|
|
f239de |
off_out <<= img.cluster_bits;
|
|
|
f239de |
ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,
|
|
|
f239de |
--
|
|
|
f239de |
2.35.1
|
|
|
f239de |
|